f4ed15b14535520e777d3a69b937627ef3f98e29449fde3a82dba86e5f49c9de

Analysis

max time kernel
1042s
max time network
1042s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
17/10/2024, 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rexon_12-10-24.html
Size

8KB
MD5

06be75a80e0a736530d0182c731b9999
SHA1

9da24f2d2ecb9a786ab3f9cbaf45fa017a7cf4f0
SHA256

f4ed15b14535520e777d3a69b937627ef3f98e29449fde3a82dba86e5f49c9de
SHA512

11c5a7a2d5750e02929cdb63a4dc156c79855fd10216cb67a1ee5597b1d99c0a2ee12ce40cc624793cefdec4a25e75af8c96590ce317ef80bd635193f5081849
SSDEEP

192:PN2x2BIW8K5UcK5U9WKL0wqgegzxzc8DWWoowFeTNLLB4Jt5CY2lrCWyg5UsN:Axc8iOKL0ngesxZbYGvu35C3+aN

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation	AnyDesk.exe

Executes dropped EXE 4 IoCs

pid	Process
6024	AnyDesk.exe
5336	AnyDesk.exe
2916	AnyDesk.exe
5548	AnyDesk.exe

Loads dropped DLL 2 IoCs

pid	Process
2916	AnyDesk.exe
5336	AnyDesk.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b1cd13b1a320db01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 96617daba320db01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "540"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "601"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\ServiceTabLoadAttempts = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{AFA22C27-A2CB-4AD8-8107-D8F057D570 = 0114020000000000c0000000000000464c0000000114020000000000c000000000000046830000002000000099b051bea320db0199b051bea320db010c7fefbea320db0148334c000000000001000000000000000000000000000000990314001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c0000000000000000000000000000000000000050003100000000000000000010005573657273003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005500730065007200730000001400500031000000000000000000100041646d696e003c0009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000410064006d0069006e000000140056003100000000000000000010004170704461746100400009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000041007000700044006100740061000000160050003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014005a003100000000000000000010005061636b616765730000420009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005000610063006b00610067006500730000001800b0003100000000000000000010004d6963726f736f66742e4d6963726f736f6674456467655f3877656b796233643862627765007c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004d006900630072006f0073006f00660074002e004d006900630072006f0073006f006600740045006400670065005f003800770065006b00790062003300640038006200620077006500000034005c0031000000000000000000100054656d70537461746500440009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000540065006d00700053007400610074006500000018005c00310000000000000000001000446f776e6c6f61647300440009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000044006f0077006e006c006f00610064007300000018006200320048334c0051592a762000416e794465736b2e65786500480009000400efbe51592a7651592a762e00000000000000000000000000000000000000000000000000f4986f0041006e0079004400650073006b002e0065007800650000001a000000a10000001c000000010000001c0000003400000000000000a00000001800000003000000e96c9c071000000057696e646f777300433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c5061636b616765735c4d6963726f736f66742e4d6963726f736f6674456467655f3877656b7962336438626277655c54656d7053746174655c446f776e6c6f6164735c416e794465736b2e657865000010000000050000a028000000cd0000001c0000000b0000a08f856c5e220e60479afeea3317b67173cd00000060000000030000a058000000000000006e64746e7a76686e000000000000000082dd88fe5c4e9049a366c23e19a8eb0e2d57dc1d86f2ee11b03fd68c0a96ca3082dd88fe5c4e9049a366c23e19a8eb0e2d57dc1d86f2ee11b03fd68c0a96ca30d2000000090000a08d00000031535053e28a5846bc4c3843bbfc139326986dce7100000004000000001f0000002f00000053002d0031002d0035002d00320031002d0033003600390039003300360033003900320033002d0031003800370035003500370036003800320038002d0033003200380037003100350031003900300033002d00310030003000300000000000000000003900000031535053b1166d44ad8d7048a748402ea43d788c1d000000680000000048000000005ffc38000000000000d01200000000000000000000000000000000	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2f2c48cda320db01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c03eaea7a320db01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\recaptcha.net	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "189"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0f2a71aea320db01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com\ = "189"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\anydesk.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "435958087"	MicrosoftEdge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\AnyDesk.exe.zvpf7bs.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2916	AnyDesk.exe

Suspicious behavior: MapViewOfSection 20 IoCs

pid	Process
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeDebugPrivilege	3348	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3348	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3348	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3348	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2444	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2444	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2444	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	2356	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	2356	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	2356	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	2356	MicrosoftEdgeCP.exe
Token: 33	5680	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5680	AUDIODG.EXE
Token: SeShutdownPrivilege	2356	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	2356	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2808	MicrosoftEdge.exe
Token: SeDebugPrivilege	2808	MicrosoftEdge.exe
Token: SeDebugPrivilege	6024	AnyDesk.exe
Token: SeDebugPrivilege	6024	AnyDesk.exe
Token: SeDebugPrivilege	5336	AnyDesk.exe

Suspicious use of FindShellTrayWindow 10 IoCs

pid	Process
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe

Suspicious use of SendNotifyMessage 10 IoCs

pid	Process
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe
2916	AnyDesk.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2808	MicrosoftEdge.exe
2908	MicrosoftEdgeCP.exe
3348	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
4592	MicrosoftEdgeCP.exe
4592	MicrosoftEdgeCP.exe
5548	AnyDesk.exe
5548	AnyDesk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2444	2908	MicrosoftEdgeCP.exe	78
PID 2908 wrote to memory of 2444	2908	MicrosoftEdgeCP.exe	78
PID 2908 wrote to memory of 2444	2908	MicrosoftEdgeCP.exe	78
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 5096	2908	MicrosoftEdgeCP.exe	82
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 2908 wrote to memory of 2356	2908	MicrosoftEdgeCP.exe	83
PID 4432 wrote to memory of 6024	4432	browser_broker.exe	85
PID 4432 wrote to memory of 6024	4432	browser_broker.exe	85
PID 4432 wrote to memory of 6024	4432	browser_broker.exe	85
PID 6024 wrote to memory of 5336	6024	AnyDesk.exe	87
PID 6024 wrote to memory of 5336	6024	AnyDesk.exe	87
PID 6024 wrote to memory of 5336	6024	AnyDesk.exe	87
PID 6024 wrote to memory of 2916	6024	AnyDesk.exe	88
PID 6024 wrote to memory of 2916	6024	AnyDesk.exe	88
PID 6024 wrote to memory of 2916	6024	AnyDesk.exe	88
PID 5336 wrote to memory of 5548	5336	AnyDesk.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\rexon_12-10-24.html"
1⤵
PID:1860

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\AnyDesk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:6024
- - C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\AnyDesk.exe" --local-service
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:5336
  - - C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\AnyDesk.exe
      "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\AnyDesk.exe" --backend
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5548
- - C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\AnyDesk.exe" --local-control
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2916

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3348

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2444

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4592

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4076

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5096

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2356

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x388
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PQRMV61\7940397[1].js

Filesize
1KB

MD5
5b55dc94f45c2a88a0ae951aaba1387d

SHA1
764070595dd4a8e5117f1705bf5b497f8aef680a

SHA256
93facc8eb93cb35439cdddb9f2581707d43da557ef32e79d0748f96c33cc5c14

SHA512
67d21819dde2ae4c4854e28ef25d5a2dc7a6ffd649fb2793ff5f4a0a0cb53ae90f005872f0b955489d433a58b7ec485e6b9d63023704af9420e939c260b4713b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PQRMV61\KFOlCnqEu92Fr1MmYUtfCRc4EsA[1].woff2

Filesize
14KB

MD5
e904f1745726f4175e96c936525662a7

SHA1
af4e9ee282fea95be6261fc35b2accaed24f6058

SHA256
65c7b85c92158adb2d71bebe0d6dfb31ab34de5e7d82134fe1aa4eba589fc296

SHA512
7a279d41c8f60806c2253cba5b399be7add861bd15bf0ac4fa7c96fa1eee6557bf1ebd684e909086d9292739f27fa18947af5c98f4920fe00da3acf209c6260a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PQRMV61\anydesk.min-3542ac[1].css

Filesize
301KB

MD5
fac75b431b3346df752f01ac0f3f8e62

SHA1
3542ac8e437acac7bdff3768fd5e4073096b7a5c

SHA256
5147954ef4c259ead63e7669a4405c0daa31577cde6571ff9d20a7d8b8995b22

SHA512
0dbdb97fed5ac512a1badbd3ad8c709f3f657d2325bdbf289694291c456f39e19a21a311b59032f97548aaab956317d481356fec7ae6c61f4e5d09714d1df5e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PQRMV61\container_jWh5YR4y[1].js

Filesize
76KB

MD5
793b00639d28cc98f2104dc9cdbae92e

SHA1
1b7910f7edc8c912d187a2fb0ff3288b3d4ec35e

SHA256
452667c50ec286cc16ae9a0a9b0da5d958c29d87044326d0459a38f27e34de4d

SHA512
6f4b8e105838a7bd57c917164c5c8fb2708e15a8670d750d8858cf448ef8f8319a79d66275bac640ff67badfb9cb4651a450934d456e0b82c933b498ccd97748

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PQRMV61\matomo[1].js

Filesize
144KB

MD5
1369e29c42f3a5aaa911ee70db581f63

SHA1
e70787f6560526bc803f5cfd101e9e1b20e0aeac

SHA256
7c8666debe140ba9cd1e65c78bb4b6e3c8fab0147e53a6d613c3510d97e2ffdd

SHA512
d82b6c032caba4d41c8a579346ffbe2f717dd46e8fcead9c81570c5fc277db209d416c3f8817d055ff675254c9d2fe65c2c348a39fae264ee5b244f0ffdd50af

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PQRMV61\recaptcha__en[1].js

Filesize
546KB

MD5
99210e7c2195de81c0eedf98787a69b3

SHA1
7b26c66058385b60109aa6129c2161a399a6034d

SHA256
5f75bfbfbf0c7cac2c87d6ca5de0661aedc188b0900b6cef5efbaea134b53302

SHA512
c3198d7943b3311679d77bcffea75d7043801277bf03ac10ca20bbe424e9ae896c060c7e0ef4143e23c2a41e367917a258404fba428099316705b7252aea8a6b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PQRMV61\video-js.min-3b9d55[1].css

Filesize
39KB

MD5
0964bde5b86bfded7d27a536e510e4a2

SHA1
3b9d55e7a43e0c3505dfc5178d02f34647033870

SHA256
5d5cffc72f4a801e6c120d6b43ff5c5fce428b9f342a0bd97f22393bda0b31a8

SHA512
454e8522937c319ea3aecc07318ccff6ded0940b439290893fabaac87626e7a88fe9e11d6020df316d82e362ad8a6b49f0329afa2589aa3a5e4f22f242357ad6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\7940397[1].js

Filesize
141KB

MD5
c82d0d174b0aa68324771c11b62930b8

SHA1
106fab86c8d0b94d253875b2bab9ff51687ff6d5

SHA256
58c9d6f1dedb81f950bad866cfe2c1e1221d90219521def99cf36c8c695b6a15

SHA512
806f35acc8b3a463c0e8893af49964069307d3d6d33b89ab92e832d517e3cebab6e8af297311a496c234c4591dce62c1d0a24fbf6544f3c5470e326f731b0a0c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\KFOlCnqEu92Fr1MmEU9fABc4EsA[1].woff2

Filesize
9KB

MD5
df648143c248d3fe9ef881866e5dea56

SHA1
770cae7a298ecfe5cf5db8fe68205cdf9d535a47

SHA256
6a3f2c2a5db6e4710e44df0db3caec5eb817e53989374e9eac68057d64b7f6d2

SHA512
6ff33a884f4233e092ee11e2ad7ef34d36fb2b61418b18214c28aa8b9bf5b13ceccfa531e7039b4b7585d143ee2460563e3052364a7dc8d70b07b72ec37b0b66

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2

Filesize
15KB

MD5
285467176f7fe6bb6a9c6873b3dad2cc

SHA1
ea04e4ff5142ddd69307c183def721a160e0a64e

SHA256
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

SHA512
5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\KFOlCnqEu92Fr1MmEU9fChc4EsA[1].woff2

Filesize
11KB

MD5
16aedbf057fbb3da342211de2d071f11

SHA1
fdee07631b40b264208caa8714faaa5b991d987b

SHA256
7566a2f09ff8534334b7a44f72a1afaba6bdbb782209be8804636ee8b963c75f

SHA512
5cd45dfb0d0ee44afd9b3ffd93c2942c2f04e359d067d4631edd67a2ee09149766294b29c75aaab7436dacc775a8ca02392c5e4cfb8d7fede19c028448507e0e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\KFOlCnqEu92Fr1MmEU9fCxc4EsA[1].woff2

Filesize
5KB

MD5
6bef514048228359f2f8f5e0235f8599

SHA1
318cb182661d72332dc8a8316d2e6df0332756c4

SHA256
135d563a494b1f8e6196278b7f597258a563f1438f5953c6fbef106070f66ec8

SHA512
23fb4605a90c7616117fab85fcd88c23b35d22177d441d01ce6270a9e95061121e0f7783db275ad7b020feaba02bbbc0f77803ca9fb843df6f1b2b7377288773

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\KFOlCnqEu92Fr1MmYUtfABc4EsA[1].woff2

Filesize
9KB

MD5
797d1a46df56bba1126441693c5c948a

SHA1
01f372fe98b4c2b241080a279d418a3a6364416d

SHA256
c451e5cf6b04913a0bc169e20eace7dec760ba1db38cdcc343d8673bb221dd00

SHA512
99827a3fab634b2598736e338213e1041ef26108a1607be294325d90a6ba251a947fd06d8cb0a2104b26d7fe9455feb9088a79fe515be1896c994c5850705edc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\KFOlCnqEu92Fr1MmYUtfBBc4[1].woff2

Filesize
14KB

MD5
19b7a0adfdd4f808b53af7e2ce2ad4e5

SHA1
81d5d4c7b5035ad10cce63cf7100295e0c51fdda

SHA256
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

SHA512
49da16000687ac81fc4ca9e9112bdca850bb9f32e0af2fe751abc57a8e9c3382451b50998ceb9de56fc4196f1dc7ef46bba47933fc47eb4538124870b7630036

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\KFOlCnqEu92Fr1MmYUtfBxc4EsA[1].woff2

Filesize
7KB

MD5
585f849571ef8c8f1b9f1630d529b54d

SHA1
162c5b7190f234d5f841e7e578b68779e2bf48c2

SHA256
c6dcdefaa63792f3c29abc520c8a2c0bc6e08686ea0187c9baac3d5d329f7002

SHA512
1140c4b04c70a84f1070c27e8e4a91d02fda4fc890877900c53cfd3a1d8908b677a412757061de43bc71022dfdd14288f9db0852ef6bf4d2c1615cb45628bebc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\KFOlCnqEu92Fr1MmYUtfCBc4EsA[1].woff2

Filesize
1KB

MD5
7cbd23921efe855138ad68835f4c5921

SHA1
78a3ae9ec08f2cf8ebb791a2331b33a03ab8cc76

SHA256
8eaae4c8680e993b273145315c76a9a278f696467c426637d4beab8cb3dc4a3d

SHA512
d8a4db91d2063273d31f77728b44557612b85f51143973caa3cfd60ab18f8c3e4b8cdaab43af843fe29441cd1d8299bf2f139a78e47bf740277b33a377377177

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\KFOlCnqEu92Fr1MmYUtfChc4EsA[1].woff2

Filesize
11KB

MD5
29542ac824c94a70cb8abdeef41cd871

SHA1
df5010dad18d6c8c0ad66f6ff317729d2c0090ba

SHA256
63ef838f895e018722b60f6e7e1d196ff3d90014c70465703fc58e708e83af64

SHA512
52f91e02b82f9f27d334704b62a78e746c80023ee8882b96cb24cb4043f9a256f395d24830b1f4513bd7597f8c564af20db9c715ab014eb2ab752fd697156591

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\KFOlCnqEu92Fr1MmYUtfCxc4EsA[1].woff2

Filesize
4KB

MD5
133b0f334c0eb9dbf32c90e098fab6bd

SHA1
398f8fd3a668ef0b16435b01ad0c6122e3784968

SHA256
6581d0d008bc695e0f6beffbd7d51abb4d063ef5dedc16feb09aa92ea20c5c00

SHA512
2a5a0956ecc8680e4e9ef73ec05bc376a1cc49ddb12ee76316378fe9626dccedb21530e3e031b2dae2830874cc1b6bfd6cce2d6d0dce54587ff0fc3780041ace

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\KFOmCnqEu92Fr1Mu4mxK[1].woff2

Filesize
14KB

MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\KFOmCnqEu92Fr1Mu5mxKOzY[1].woff2

Filesize
9KB

MD5
efe937997e08e15b056a3643e2734636

SHA1
d02decbf472a0928b054cc8e4b13684539a913db

SHA256
53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361

SHA512
721c903e06f00840140ed5eec06329221a2731efc483e025043675b1f070b03a544f8eb153b63cd981494379a9e975f014b57c286596b6f988cee1aaf04a8c65

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\KFOmCnqEu92Fr1Mu72xKOzY[1].woff2

Filesize
15KB

MD5
e3836d1191745d29137bfe16e4e4a2c2

SHA1
4dc8845d97df9cb627d9e6fdd49be1ef9eb9a69c

SHA256
98eec6c6fa4dcd4825e48eff334451979afc23cd085aea2d45b04dc1259079dd

SHA512
9e9ec420cf75bf47a21e59a822e01dc89dcf97eec3cc117c54ce51923c9a6f2c462355db1bc20cdf665ef4a5b40ffcfa9c8cee05bb5e112c380038bfef29c397

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\api[1].js

Filesize
941B

MD5
9b4851f227e0a68988bcf135476e9b27

SHA1
91aa6689295dc2889b78da16b41b026a3f67e25c

SHA256
9b8f445618050836ea664b0123f0dc31ddbf84718507c355332f50b5011c0f6b

SHA512
3afb1de8d2ee65a71e69527ec11dfd1b5b1883a3100ea6b5670fb2e39d4cb742eafcf781f909babc9570159e7822dec89916536f23e5db6115cc2925ef343410

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\conversations-embed[1].js

Filesize
91KB

MD5
cbf40f4d575cea01322e310ad869afde

SHA1
feaa20ee35497633f0d5011c5fb9b82af54986fc

SHA256
2cab0419b164dcc4f088f1e0a7323a1946392d5fab985bbe28dee6cbd64968bc

SHA512
cf1a32c43e74bb19d41fc7fd4df10ff752bcadc5e144054a073e6418824e9b3b4d1f51938d13034489f9ec13125ad3605279adfa2568e757e44bf442200eee56

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js

Filesize
289B

MD5
9085e17b6172d9fc7b7373762c3d6e74

SHA1
dab3ca26ec7a8426f034113afa2123edfaa32a76

SHA256
586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

SHA512
b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\gtm[1].js

Filesize
406KB

MD5
03efcd9412372087b3d0c8125fba892e

SHA1
33118989e8cebda82c3f09a36a54effedfece749

SHA256
deb93f918d0249403693a2bbdf3b70b875f155de9ab5a7348ab3f9896dc24f08

SHA512
1af72ccaa0d919f680641449cd53eb76a0376a4828de4df0980f68bd3a283689cfde0dcb19fcd64b4eed758249c014c9f0c30f8d5b51cb76ae5f2a41e2ba0e25

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\styles__ltr[1].css

Filesize
77KB

MD5
a0ce64213f4f6193a598de1cdbaea665

SHA1
fec9a873b214601198f7312bcb1bf99204014085

SHA256
f0dff86310e9d08a2d80dbe68bae9367f8cd6cbd4b7d036f09b0702d035c7e8c

SHA512
72da125d31fd39b9b6571286c9b4b35d2b8875c8e299155a4d44742ff2b3fdf9b8cd5a7b888cf2ba26faf4842ea6810cf7d6dee5dc4b7e55aed03c623884356c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\web-interactives-embed[1].js

Filesize
82KB

MD5
77145a720cf77c42786728ce6cc65290

SHA1
7e71265e0a1cf11029362ed8be2ca5009276ddef

SHA256
8af71fc879943fc0936e76f388252ecc78520eb8d1633e42229a07b95e4bcd00

SHA512
744b7de6f7fe894007dae58208775b607cedb0ac75c4a16b08e22cf6e8c21d4d3fe121f39b5aa2b5e10791ac076c6dc50af3a96de261d47bb2e7aeb70a86c6bf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\webworker[1].js

Filesize
102B

MD5
f3dfe1a46e91c1c5521b4ed0e336ae06

SHA1
8112055ed07a442dd199c15a8b2c451a3e4b54e6

SHA256
724fc56703e050f8625d033339e4c69746c05564ba34df35003a34ed59432657

SHA512
0570aadedb1ffb2eaeb8a8454004c1ea63109712d07e9f0e1d08fdeefa06fc8cd64c75688a2fe5af7ee314e056bc744337fefa8b5fda95f17b2b0e4146d81c5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HQ1Q1KH7\KFOlCnqEu92Fr1MmEU9fBxc4EsA[1].woff2

Filesize
7KB

MD5
207d2af0a0d9716e1f61cadf347accc5

SHA1
0f64b5a6cc91c575cb77289e6386d8f872a594ca

SHA256
416d72c8cee51c1d6c6a1cab525b2e3b4144f2f457026669ddad34b70dabd485

SHA512
da8b03ee3029126b0c7c001d7ef2a7ff8e6078b2df2ec38973864a9c0fd8deb5ecef021c12a56a24a3fd84f38f4d14ea995df127dc34f0b7eec8e6e3fc8d1bbd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HQ1Q1KH7\KFOlCnqEu92Fr1MmEU9fCBc4EsA[1].woff2

Filesize
1KB

MD5
52e881a8e8286f6b6a0f98d5f675bb93

SHA1
9c9c4bc1444500b298dfea00d7d2de9ab459a1ad

SHA256
5e5321bb08de884e4ad6585b8233a7477fa590c012e303ea6f0af616a6e93ffb

SHA512
45c07a5e511948c328f327e2ef4c3787ac0173c72c51a7e43e3efd3e47dd332539af15f3972ef1cc023972940f839fffe151aefaa04f499ae1faceaab6f1014f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HQ1Q1KH7\KFOlCnqEu92Fr1MmEU9fCRc4EsA[1].woff2

Filesize
14KB

MD5
79c7e3f902d990d3b5e74e43feb5f623

SHA1
44aae0f53f6fc0f1730acbfdf4159684911b8626

SHA256
2236e56f735d25696957657f099459d73303b9501cc39bbd059c20849c5bedff

SHA512
3a25882c7f3f90a7aa89ecab74a4be2fddfb304f65627b590340be44807c5c5e3826df63808c7cd06daa3420a94090249321a1e035b1cd223a15010c510518df

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HQ1Q1KH7\KFOmCnqEu92Fr1Mu4WxKOzY[1].woff2

Filesize
7KB

MD5
7aa7eb76a9f66f0223c8197752bb6bc5

SHA1
ac56d5def920433c7850ddbbdd99d218d25afd2b

SHA256
9ca415df2c57b1f26947351c66ccfaf99d2f8f01b4b8de019a3ae6f3a9c780c7

SHA512
e9a513741cb90305fbe08cfd9f7416f192291c261a7843876293e04a874ab9b914c3a4d2ed771a9d6484df1c365308c9e4c35cd978b183acf5de6b96ac14480d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HQ1Q1KH7\KFOmCnqEu92Fr1Mu7GxKOzY[1].woff2

Filesize
11KB

MD5
15d8ede0a816bc7a9838207747c6620c

SHA1
f6e2e75f1277c66e282553ae6a22661e51f472b8

SHA256
dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d

SHA512
39c75f8e0939275a69f8d30e7f91d7ca06af19240567fb50e441a0d2594b73b6a390d11033afb63d68c86c89f4e4bf39b3aca131b30f640d21101dc414e42c97

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HQ1Q1KH7\KFOmCnqEu92Fr1Mu7WxKOzY[1].woff2

Filesize
5KB

MD5
a835084624425dacc5e188c6973c1594

SHA1
1bef196929bffcabdc834c0deefda104eb7a3318

SHA256
0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740

SHA512
38f2764c76a545349e8096d4608000d9412c87cc0cb659cf0cf7d15a82333dd339025a4353b9bd8590014502abceb32ca712108a522ca60cbf1940d4e4f6b98a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HQ1Q1KH7\KFOmCnqEu92Fr1Mu7mxKOzY[1].woff2

Filesize
1KB

MD5
57993e705ff6f15e722f5f90de8836f8

SHA1
3fecc33bac640b63272c9a8dffd3df12f996730b

SHA256
836f58544471e0fb0699cb9ddd0fd0138877733a98b4e029fca1c996d4fb038d

SHA512
31f92fb495a1a20ab5131493ab8a74449aabf5221e2901915f2cc917a0878bb5a3cbc29ab12324ffe2f0bc7562a142158268c3f07c7dca3e02a22a9ade41721e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HQ1Q1KH7\YAeXDIeLrqaTuqvHjT8o32uxA5ggKcNoyH5bEzCB0AA[1].js

Filesize
18KB

MD5
6d2aae78c458a5cd5b087d42587342d9

SHA1
b43f5d8c35cbb62cca8c7d79dd00ae6889494fa9

SHA256
6007970c878baea693baabc78d3f28df6bb103982029c368c87e5b133081d000

SHA512
eb61ca012f32ff5c54b85eafb4cc2b5e02b48cb085e691dc0fe28a55af17ac3bdf84b6f95f85cc26a803b344cf5caba5ab61342243d90c43b6e69afbb82de98e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HQ1Q1KH7\anchor[2].htm

Filesize
48KB

MD5
9b3ff5f018c3d5540bfa7b4603e81bf2

SHA1
96748edbebc89efc19599d11034cdd79b5107cc2

SHA256
b6e3ba34dba5ae0120379e6e5d88997812bfb999f2416c12430dd42a07f1f8d5

SHA512
667da7c4a298ac65726005d8f9bd68f69643ff32dc675046a230b82f18ac18e31742c1c7bfcd57318aa1c542776645690ee12d65eb84db29a7cd52523e224560

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\7940397[1].js

Filesize
68KB

MD5
1c104af5b24b5063ee20bf86eec00743

SHA1
84a9e9711efd9c200518cff9a683ae3d8fb240dd

SHA256
bde141ff368e6a5706d33477ac5bbc1224d81a3895200278c137970222d25f6f

SHA512
5adb4a3663e4d8e87f074d929538df632c934311b8c01001514c9b8309e4fe064e13fb7dab4485172624707fd8d66bc7d48da47c1b1a085b3d0f24d23e46c06a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\anydesk.min-a98a7d[1].js

Filesize
9KB

MD5
3a4c915534e0415faf121c1c94e2f1a9

SHA1
a98a7dce5d514da8e1b4ff70fa0aba1cf4593336

SHA256
da9403e54639201c69202a536bede0a061e95a00682b3ff5cac6307fd7fcb5a7

SHA512
b021964b396483c8fe4758b8cae24e1b3793650329da3916547533752b7763f6b302d49babc87096513018f94aae6f4335ec4cb2a064aa5241122c14ed4e7c47

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\bootstrap-select.min-44f87f[1].js

Filesize
51KB

MD5
ba9d5bbe072f5626909db4e31da3ba4d

SHA1
44f87f163f71d0bac27876272fa98f615381fcf8

SHA256
6763de73150d26e3296cd0154ff12dede3b5d39251c734c0ae4f8af4e437e4cc

SHA512
0895e0de22bdbfbcb25af8e4da7a579108cd4380b55044b5ad068d07b77b6601155f66bcff6066b439ad4dc956e226a5d70438d5c537e173f13b0fbac490664d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\bootstrap.min-0cc93b[1].js

Filesize
58KB

MD5
02d223393e00c273efdcb1ade8f4f8b1

SHA1
0cc93b8421d89c24a889642428b363cb831de78a

SHA256
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582

SHA512
339296df3b6e2080a65488634aa5ded35a15d9ba5edb8f203b1aa695c62b13302fc2cecfc37cfa04ad2219baf0bddad4414862dde5e0b71a7923c3c3a3d61f8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\jquery-3.5.1.min-d2cc8d[1].js

Filesize
87KB

MD5
12b69d0ae6c6f0c42942ae6da2896e84

SHA1
d2cc8d43ce1c854b1172e42b1209502ad563db83

SHA256
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f

SHA512
a55f55d56899ab440ef0cae17b28d5cc8f5b9766d1e9bc1a8ac6b89376924b476c1ab0c325497eb5d44af41f4ebf8eea236d87a36902244b8a3eca54994b8711

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\notosans-100[1].woff2

Filesize
12KB

MD5
cc1d2549a757a69611f867cd5cd749fe

SHA1
5e3cd027ca03baf273f356dbe363348e8a6c85f3

SHA256
50bd0b24431154b66ffbfae363aabfda8b04450afc6fc530c3664e9764ad9fb8

SHA512
faf00791561ced5b1fb99744aef91dc49202bd4251d13f4619c720cb4ade449f1c34f3bc2d2cd39f6c016f697ba462d51b802ad51ca05084fe41764295ebf079

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\notosans-200[1].woff2

Filesize
12KB

MD5
d00ee02b7e0c03e4d99e7cc61b11ef33

SHA1
fca261bc985168826c92fb9fe1803738efdf674a

SHA256
c3fc7d60e0fc222819b3b2ca56e4bc1d76bf35912c6884a3e3272e4d44419376

SHA512
515990bc14f72347ea4572b90d161c3e613abe91738e47d3b7527ab937f83c8c7fad1c40418d52646a2d291c9def04c5877899744bcd52cef8a10ff31b9e45c1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\notosans-300[1].woff2

Filesize
19KB

MD5
3527bb470349d55e3255af2ac2a8021e

SHA1
db4e1128cc787a4c4345b386407a55c07b2f6bbe

SHA256
1eca1547a04ecd9d089209c64e016e98b0e116b36f31f321dda38e35295c4033

SHA512
87b27965c61d4e5a884c96633801a8e4633338258ef3a56262cce92afcf5040b624689f7e557428571a81331ebeeb34ca53c1ab7e6311cfa1d14baea5cae101d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\notosans-400[1].woff2

Filesize
19KB

MD5
a25f306ed2facfb5cbefb7106f495b71

SHA1
0dcf91452642f34a67f03a9ba9fac5a5edc4f4ab

SHA256
26404e29b84e22c7eb45fc58e72e40c3f0606e010be62501d5dd38ba8ed596e5

SHA512
8858a14e4023fd597e6f9808508947323693bd4406d880697b43885cd38ea5893ed491d14dc3420c2b02afb01a023286b6e8e343e1f98391250b18419af6e3aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\notosans-700[1].woff2

Filesize
19KB

MD5
7fec4ee57dba93fa701e90b7318bf93e

SHA1
871f2fa67a7cea492ecb95eec5b127a6fc5cf36e

SHA256
aa40b219d13408dc9a404b8c9d8fcd2a5cd51d3cad9243a4b97c9b315bf1065b

SHA512
c803d3418b66d307ff2da9e68d53ecabb77e2c7fe9bd78bd7046a45d1e8fcca3db1f1790ed56b262ce3ade7488fad3b335b602ab4d0423680ca811f0968b6b65

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\popper.min-60cc59[1].js

Filesize
20KB

MD5
1db8fd79ce2e5d14918726b61342318e

SHA1
60cc59aeaf869038b749d6fa19a85deefcdd8c8f

SHA256
d9fca4eb7997f7c7bd329252b09ba2a45e97dea35730d5ec7215cbb7d62ac3ab

SHA512
705c7e0df9657b5b15f5fdabe9509d23cb838e43cce8fcc4c8fdafa36ae651b272e7b7f70e76f43860feebded3e8362c146764636383af555ae0983e33b3dc30

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\N3IX505F\www.bing[1].xml

Filesize
97B

MD5
9e8d8f362ee202ea20edc912d3f315d3

SHA1
b0eae60ebd332d76cf14ee0add20a9ddeca09657

SHA256
7c1742cb75ec65d48fb0891f224bfff2c783ea7327d6f721e2274a4299b024ad

SHA512
99ba338eefa76175f84b55b946820aa7b4b124522e5f3c8a68e4746cc329e33889f95890cd1c75f5365fa507514ffe6e4a13c3a6fd0284169f5d21510e77aafd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\N3IX505F\www.bing[1].xml

Filesize
1KB

MD5
597b36436922806a749b0cee45406c9c

SHA1
ea0d67fda52a96ca3a69c9daebeb3275fbe4f91f

SHA256
5e95a6dd7e551137a53811ce19f7562bcd7f9022d384888da52fe6aa3fe0584f

SHA512
8d9db24223c9565787397d98423a998798e7630d58d28c734a21e3b32a0c4edd92ea1d3777048b8535019f11f06082fd200588f562b0e119ad2138d466092d72

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\C55BHVKB\favicon-trans-bg-000-mg[1].ico

Filesize
4KB

MD5
5879b2763fc53367a29f1e64721976db

SHA1
edee687feb0438fbb4fdf6e0b9bc941f2a0c464d

SHA256
b5f794efdee46f6e8759441cfb2bdc36640f50e47cad9f11cea18bed48e6c43b

SHA512
6b04809dad6d927b7c9fe0d674b8e14c9bb374ea069558e53468e33da76be44c8de6221f90f719462bcea90bec1a90ece58a706e440229ec78d81ba9063ad0f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DIHW250H\favicon[1].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DIHW250H\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\G4Y1WOR2\favicon[1].ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RK0L9ZOL\favicon-32x32[1].png

Filesize
3KB

MD5
b31057c5b92f990388888855e26a1859

SHA1
d029f3f881da8696addaa49166e591ebdd303f7b

SHA256
3b84d3f316688bc42bad20747781ddbd9435993e1013fe4db3fd40c83eb365aa

SHA512
e75ed5d019146d0a4a3d3c9b0466bf9af5dbadb1ff8e9f5ac8b62e8d97fd3e393f17b8e7311185670d75da10a6dfd38cdfd323ab22d9ef667ebc8ab0628f1a5a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFC513A958FA9E5BC2.TMP

Filesize
16KB

MD5
ba3cc6221cd0c4c82d2d757b37c484c1

SHA1
177987d99aabae39336a332614579177a3cb8cc7

SHA256
3ba973c8aea81ba5bb61f29c0dad1f5f422ce63408241d844f56b6d839eb9208

SHA512
865046e3961213a4e0ecf8db66ca5b2bfecd25c4b3552966af1b1a9f7315cfecd4b6e9383465b29c36e7e5672800f44b2dfd539fde7d7805f0b1e736be282b32

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\AnyDesk.exe.zvpf7bs.partial

Filesize
4.8MB

MD5
ecae8b9c820ce255108f6050c26c37a1

SHA1
42333349841ddcec2b5c073abc0cae651bb03e5f

SHA256
1a70f4eef11fbecb721b9bab1c9ff43a8c4cd7b2cafef08c033c77070c6fe069

SHA512
9dc317682d4a89351e876b47f57e7fd26176f054b7322433c2c02dd074aabf8bfb19e6d1137a4b3ee6cd3463eaf8c0de124385928c561bdfe38440f336035ed4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\AnyDesk.exe:Zone.Identifier

Filesize
172B

MD5
649b3c70019cea892b35e6fd47944cca

SHA1
daa153049ba602daa9379a57f625c9ba9ed468e2

SHA256
97711838c436d54146906fbad1f5097ed42d503c3fd5feccb57d9e79ac40c1e8

SHA512
2dbbff0087a941f9142e3104385172bb18c08e44670d4f2e2288e924b1861d613448eb07714e66f539adeade3cbec32212cf9447c61f2c775f7d4b5a5f86e4f5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\AnyDesk[1].exe

Filesize
32KB

MD5
9f86c077893523e3f80c92cbb3eb1a07

SHA1
c73fdd5f482e0ef0e317de628d445b41e342353a

SHA256
ce44e4e6b1c3b224b4c96b64d989eaa152e216cc8d25da05e8547dc3411cb1bf

SHA512
d1a255a4cbe20f1af3e9a202687383a27405a44e33b41626d7f78a5e9cb7f532acaeb3092385dcdb94a5d0671a7276708156df0c0427bea7a1d8c90621d9614b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
313B

MD5
4bd881f39fd29e1ef21b99efeb85abd2

SHA1
fe682f5b56a95bc53043b2e9a6f3383ac9904129

SHA256
6f198f9f7d7b43c7ba782a9ba716d52d7d6e67022644eaf69b3b29d735b10fcb

SHA512
805d35ddff64ccc035d4e24a8fa3182783421e8c661756c66f8e0b369a0d97f94693eee8854d5f0dbed7b0b00d346363e3a383f28ce20176004787b501440179

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
400B

MD5
44b794d40025a57385e05043f20aba90

SHA1
13c0d991ad99aa3b9da04512c0e3c39debf97e6c

SHA256
d0f063c776060403b7b08c0d54733563b1e52c66496cdfdec9e98f0350099318

SHA512
a39815741f2b3095f4ba1d523bae58c743947d758b3999640335cacece9e68d5b5c0a44174f1d6c41203d833483407321a465d0bf981a3ff56acf89549670384

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
10KB

MD5
404d0004da0084fee8d1d6e18a5deaf8

SHA1
22738b1f8e769ca1dd4471949bd0a8d95aecd7ea

SHA256
3be58c75af811da6ff6dbbde7d764cc90dd71f3d27f37c3298163f237d1daab4

SHA512
75cb50d70742e1a1f16ec6fbfcbf35d08948367ef3d17976eb2973d1f913ccf1e04a57803e13e1431976e14a770c44ce250103d853cb137588fbb81902bacb6c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
43KB

MD5
c412611d08a31bbdc061556f3f87604a

SHA1
b067908cfd452389646d325a93745e5bbf115401

SHA256
0eb8cf26115e05f3c1fa3bb5aa36391b2dc588d017a3469ad2a334dabf38c47c

SHA512
d23a7aa179872934af9b6eb5a794934ba59d0ffbcf7a04c2ff3d51021617077437b0dd100fad1e079ba66daf6e8118ab9282267eeff6ccc67de9851438b48022

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
5c6033d7bc46cb49661f31d455f4a442

SHA1
5652b15ac94fdb1c8a6924f74302651b9b3ce1cf

SHA256
367cacf83b92b326458b8cdec3101d55fb8111a381cdfe0682a24ed6f85f5ea2

SHA512
17a3d8ea58681b1576a92fb3c0bf7ff7094aeb272865ac099757c11d60613727eac6e79944764ab1220d0270dc9e6449f0bdcbb8a22e7a8a9e972253c7ba2795

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
17666f7510d739d87bd383b82ebc0727

SHA1
ad344429f73b595d5e776c193edf5af86fe5277e

SHA256
029bcfe0d67949d097afdf59010685eef55fc7c680a1625d8742cd6ab84954b0

SHA512
0c77fdda93d24bafaaccc6d1ea2474e00ba9523c85a7a8809a9b60acef43051f75f72a014a3cff5d26d0991e4dca7ae1bdf7fe5f9b83733f5e2751396cce4cf8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
1256dd7668c81bb558316044db305225

SHA1
57edbb7ef16bf5bca034679b72388dcc9bd2a51c

SHA256
48e365c24fa3ffc6f12f194ef98c5b88404e1a04227b19c3f2016eeaa9b0bc61

SHA512
ef915bf6c1598f4e94e470f5e163ee6df3cdb8fbc8ea0ea4fadd1d4e2b989361c550e443b4175be84593dd64e34186fc438c0b7418ec1a4d082101ba0185f356

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
08981eff69eaef93ba1ad79319736930

SHA1
aa5cb4d7d0a7109bb2a3295d764c5b9d6b83235b

SHA256
22d7c4e9d10e6d91e5526afdcdc7df9886ebb193ab642950813b062899389505

SHA512
05196dafba22c607b0ace97e6428e442ae43659fe9e43a3a5795cf621df9ffcbede8b6aa47b15560f7f41504f3d6a49c79fb4fab7bbf847694e2d25c4014847a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
766B

MD5
076fc68852f47010b8212895e969fd61

SHA1
f68d20662b22262584480550f0bb7bb2457d196b

SHA256
c07f7302d559c8d0e9653552fc0e973f44636858ed11c32cb3e749e8faf93b99

SHA512
6f9ef825fe601820d7dc6104132658b272599fc7304823760d00756090bdd320eb7580b804a7ca543647085cd88c686684f84acb62d6a4f0f0b1e848432773ca

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
766B

MD5
d6e96d0427a13f1172e89f2e734c18ed

SHA1
8d0bbffa34c997b1c68370333c4f3892467f3a44

SHA256
b21100dd1e76b17e9860a4099fe76d741fe69bb72f8ada16af6b3f603484ef7f

SHA512
66be38b06c8301837c538c3b177dc7f86c23377b8ae1ce596c73ffd00c6d105d9d494d9968c0d84736899dd0c7facdab52c6a219768aa59a9af35fc57f2ff242

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
823B

MD5
e7d5d703057222b9b9233ad9d3d3d8da

SHA1
94b579d2e78009832cb56f6fa4dd68dae8df8041

SHA256
70ace21d49081d74fb2031036b3f7949d60d293658eaa0381820c5a37b4496bd

SHA512
f2bf2773452a1639709afa7b3c561915853fd5564cddfa923aa6d0d4445c8cc94d1784df3ba1f0cfe191c8d5bdd4d2ad0d86f31d3a36d4981ae987069b8e830d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
831B

MD5
66264684d4f248fcbba96d5edd6ee57c

SHA1
fb43229e5c8518b89ed66817b5c8a8ff1ab9a3cd

SHA256
c0f194b83d00ec4fed80c0a4dd8cbbe5d482455aa33cc550037e2ecd9c767f72

SHA512
6b7d1e5d09de608eb6d87f2bb50eb12694bf54be37df29c0640e8c1b208b43c6311b3ec415783df8cbb30a7947999e17f208cacb23514baa564f7a3e957e26ca

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
8f35bdcadaf892952c640c1a157b98e5

SHA1
f2ac37b466e37fa4c61a783dffaa82ccecf1f0cb

SHA256
6efe21d6edd3f55954cb466f43c025d9a9eb788d3dcfaff0d40e5d8951241e51

SHA512
57ceacf1597262217bddbdc4b94de8a7c9be655cda2e712e22658a45ce626e28396875378742af5fadfd7c143c0aa7608e830a6b16c083f59bf20845f0ba6f19

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ad18ae7c396ead6be6a7dd2cf75a064e

SHA1
105a23470914460eb55dec1f0caf10fd51a94be9

SHA256
cf18aa08ac80fb7dec32289c4f585e00c3e780ed9af39118615dc9a794bdb9e3

SHA512
9f6ba79d13a5d18f04b06c9d11f42a48d86837acca3875cc4887af07758be7e690ad8085870b5e548a00a8265e9f21eabd176b98d4f380ac22f10d141d4aca69

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
f34a25d4ff8b14f017b034b5df51c401

SHA1
78194ffcf4123fb2f4ee952ae9e01ac0be130d28

SHA256
d9ad6bd445a66a3a57608d93a029638b27dc7bbff3b547a3de00b8d2b52fa57d

SHA512
d50437af99da73b65c885c1a48c48e081cef996a039eda56fd17998a60689d4863ab728868c0b4d538fbdc3e549e4952d048cec4b377184e482a1bc53da4f240

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
981c1af924f1e1d67b2b9ec6259784d9

SHA1
816b60fe3c7f7f1111c6f8857e37c4b8e3070f0b

SHA256
5d7cf069452616b92aec405100932cd5921fd8a853e06c36533bf15b8bbb08cc

SHA512
31d5eeef94328a169b1aec512a9bb2116c87d185b9ea3ebbb8deafac455f6678723c114da5cbdf0204f6a06e1ed291dec70d1c9dde0ea59209b58d432e8ac2a1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
3984329b4547b3bae9058dadc60c7744

SHA1
1f096891f06429f2cec99cb096e7136f4236daef

SHA256
9317b51056751a736bd1d6fec567fed761332435c0c144fcd40e7699aa46d703

SHA512
a693992c5076acaf1fb28c001c5086f169e671fe4c8a371ca7f348c0bb3a1866e8b55a345f14149febd70e2064e585b76240f2224b3e1d8f2db59d20592eca22

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
f6a14d0325fb58e5b1a400053d8ff7d7

SHA1
d52838d0e7e3237dd065e77c29fa1b4799187b75

SHA256
0a89321b1e306dde4eb8a8946e87f82a9bf6ac51c2946a6200fde9739c673361

SHA512
beae62176c651368b5d34860f3c6dbbe760e85da848a64bad7781e7e5296a10781d7d01cbc51c9a3ef684e0026317235735d7e23dda28516d755214b8b3558b5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
77fd762ca6738aa9a71358b5663bccb8

SHA1
dbc4f7b8f8af11cd06293e6c4234144b57421f17

SHA256
a05148890e88385c52cf8a27f37d99a0b2d7f2a43377b158f6f3e274f01eab96

SHA512
ef616f3cb3100fd07a563b3e9232abf5f3433e84187f6965dc598182911815b4883eaff28023b9ce7b6b797cd2d4d704d92dc8f18abf1b21d2365a6b69210111

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
339e5a3eb3dac67045644ed7a459df5f

SHA1
9cab7d23df539c268685b7db710b97918a3e201c

SHA256
f738a17fe43003a54256d63fb0fedb1a96f53fb5310fe09d7fac747d43baef54

SHA512
5bcad2db6c4bb3a48ec2b4f83126f82436d60aed5e5798d0520a6984cf128dd61a5969891c53a1b74007f4ffac3ab74cb123788a4f027bed1d98dba62506b8e1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
1a1b1c375eb2b2c735752d216f1e1363

SHA1
71f507a067eff1d59964d195317bc7ead0d525c2

SHA256
1d965dc82197c4139d5d5f5aec14e3c105158e3a6cb6a293a3b3eea285aae9fd

SHA512
3703f1d769686409c69ef7c173620bce23ca685bcf3da9751022866a4ec03995cd25fc1f6425a2544946f83e84f3ae95b7c589bc20d1d5d9c3a8d00a243feb7e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
e8e3ad883b5f13bf59a51dd8fb0ffaa7

SHA1
23a8ad912c2187d5442a1a7a1a1be0265156111d

SHA256
dfaefbf450b115d82e6d4d217f03153c665d50f64074c75b20ab784c5b852bfd

SHA512
902f9d21126cad31f073d8dd5a1843ca12480c08e54e20882a65cceeb1fccc636e27e09d61243dc28078c012ef758b7430ab488291f5d89fd0f669e3f5ee7b3b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
76cc17db6a6ffb8f5d6fc12cc0259bf1

SHA1
189c556c9614c0e977802f64c7c082302f32f637

SHA256
9d4c97f62005dd801ab90dfe44e7d4539f3311a85565495c1d58d3565eaa9d91

SHA512
f7458ae0480f6c4a7d878dc337e23148d6c868782127c0922d16b5fb0b43c49082db502fcaf62ef77695185e477d41516c338031b7e42842d63874b8d9ac9ff4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
4686edcca35c1ee07e6010ee1bc75aeb

SHA1
0eb16c5211e246028ca4261d9a6340eb7473e42e

SHA256
28ef4e59f272c3c132699daaf2cb442d6ee8fc926d5421f624738cd52e25ae7c

SHA512
37b71d498fbc148623c3d507bd5ccb3f8851e333f357e59da4a31fdf1740da7a15c04c459e9244a6f50e3a3b19879e9f8453380c7f65b14a0b6177b5328af892

Download Submit
\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
memory/2444-58-0x0000015D789D0000-0x0000015D789D2000-memory.dmp

Filesize
8KB

Download
memory/2444-53-0x0000015D785E0000-0x0000015D78600000-memory.dmp

Filesize
128KB

Download
memory/2444-52-0x0000015D78F10000-0x0000015D79010000-memory.dmp

Filesize
1024KB

Download
memory/2444-56-0x0000015D789B0000-0x0000015D789B2000-memory.dmp

Filesize
8KB

Download
memory/2444-60-0x0000015D789F0000-0x0000015D789F2000-memory.dmp

Filesize
8KB

Download
memory/2808-238-0x00000158E1590000-0x00000158E1591000-memory.dmp

Filesize
4KB

Download
memory/2808-16-0x00000158D8920000-0x00000158D8930000-memory.dmp

Filesize
64KB

Download
memory/2808-0-0x00000158D8820000-0x00000158D8830000-memory.dmp

Filesize
64KB

Download
memory/2808-35-0x00000158DCB00000-0x00000158DCB02000-memory.dmp

Filesize
8KB

Download
memory/2808-237-0x00000158E1580000-0x00000158E1581000-memory.dmp

Filesize
4KB

Download
memory/3348-44-0x000001AE09410000-0x000001AE09510000-memory.dmp

Filesize
1024KB

Download
memory/3348-42-0x000001AE09410000-0x000001AE09510000-memory.dmp

Filesize
1024KB

Download
memory/4592-133-0x0000027B9EC10000-0x0000027B9EC30000-memory.dmp

Filesize
128KB

Download
memory/4592-425-0x0000027B8D6B0000-0x0000027B8D6C0000-memory.dmp

Filesize
64KB

Download
memory/4592-113-0x0000027B9F160000-0x0000027B9F180000-memory.dmp

Filesize
128KB

Download
memory/4592-270-0x0000027BAD200000-0x0000027BAD300000-memory.dmp

Filesize
1024KB

Download
memory/4592-318-0x0000027BC2D20000-0x0000027BC2D40000-memory.dmp

Filesize
128KB

Download
memory/4592-325-0x0000027BC3010000-0x0000027BC3030000-memory.dmp

Filesize
128KB

Download
memory/4592-341-0x0000027B8DE80000-0x0000027B8DF80000-memory.dmp

Filesize
1024KB

Download
memory/4592-403-0x0000027BC3420000-0x0000027BC3440000-memory.dmp

Filesize
128KB

Download
memory/4592-421-0x0000027B8D6B0000-0x0000027B8D6C0000-memory.dmp

Filesize
64KB

Download
memory/4592-206-0x0000027BA6D00000-0x0000027BA6E00000-memory.dmp

Filesize
1024KB

Download
memory/4592-426-0x0000027B8D6B0000-0x0000027B8D6C0000-memory.dmp

Filesize
64KB

Download
memory/4592-427-0x0000027B8D6B0000-0x0000027B8D6C0000-memory.dmp

Filesize
64KB

Download
memory/4592-101-0x0000027BAF070000-0x0000027BAF170000-memory.dmp

Filesize
1024KB

Download
memory/4592-430-0x0000027B8D6B0000-0x0000027B8D6C0000-memory.dmp

Filesize
64KB

Download
memory/4592-429-0x0000027B8D6B0000-0x0000027B8D6C0000-memory.dmp

Filesize
64KB

Download
memory/4592-90-0x0000027B9E520000-0x0000027B9E540000-memory.dmp

Filesize
128KB

Download
memory/4592-89-0x0000027BAEDB0000-0x0000027BAEEB0000-memory.dmp

Filesize
1024KB

Download
memory/4592-428-0x0000027B8D6B0000-0x0000027B8D6C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads