fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca

Analysis

max time kernel
300s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2025, 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.3MB
MD5

0a269c555e15783351e02629502bf141
SHA1

8fefa361e9b5bce4af0090093f51bcd02892b25d
SHA256

fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca
SHA512

b1784109f01d004f2f618e91695fc4ab9e64989cdedc39941cb1a4e7fed9032e096190269f3baefa590cc98552af5824d0f447a03213e4ae07cf55214758725a
SSDEEP

98304:Uc9HTcGO0ImBimas54Ub5ixTStxZi/l9K0+zLVasSe4JnzMpm+Gq:UcpYGO0IOqs57bUwxG9CVaskJIYE

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
50	discord.com
51	discord.com
49	discord.com

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	AnyDesk.exe

Loads dropped DLL 2 IoCs

pid	Process
3548	AnyDesk.exe
2760	AnyDesk.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133804827619433116"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4176	chrome.exe
4176	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: 33	2624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2624	AUDIODG.EXE
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
3548	AnyDesk.exe
3548	AnyDesk.exe
3548	AnyDesk.exe
3548	AnyDesk.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
3548	AnyDesk.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
3548	AnyDesk.exe
3548	AnyDesk.exe
3548	AnyDesk.exe
3548	AnyDesk.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
3548	AnyDesk.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 636 wrote to memory of 2760	636	AnyDesk.exe	85
PID 636 wrote to memory of 2760	636	AnyDesk.exe	85
PID 636 wrote to memory of 2760	636	AnyDesk.exe	85
PID 636 wrote to memory of 3548	636	AnyDesk.exe	86
PID 636 wrote to memory of 3548	636	AnyDesk.exe	86
PID 636 wrote to memory of 3548	636	AnyDesk.exe	86
PID 4176 wrote to memory of 4716	4176	chrome.exe	89
PID 4176 wrote to memory of 4716	4176	chrome.exe	89
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 3012	4176	chrome.exe	91
PID 4176 wrote to memory of 4920	4176	chrome.exe	92
PID 4176 wrote to memory of 4920	4176	chrome.exe	92
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93
PID 4176 wrote to memory of 760	4176	chrome.exe	93

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:636
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2760
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc7eecc40,0x7ffbc7eecc4c,0x7ffbc7eecc58
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1992,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2356 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3432,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5108,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5116,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5296,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5060,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5344,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5336,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5488,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:2
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5612,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3172,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=244,i,934417286152176482,17076658732386101016,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1500

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1248

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:504

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\43c787f0-30b2-4c1c-b516-0943e2978a02.tmp

Filesize
9KB

MD5
91908aa845005493359739d82e9f4089

SHA1
7f3e303b23ff947d3287c4cba658a9345e8a5a18

SHA256
b00b31548006f75c78ee665d5bdabb6844bb0de985c4877ad07c09f29d5358b5

SHA512
8d53c6172eca8edc9fddb68bf835e3abec01e939a55481a658b452e60984495366b3c7fcf59db81dbacacb06f517d7f83facc3fe6fe8ac01a39b23bcd0f50e8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
27d7a06957f7d28866a50ac0600c9a9b

SHA1
bb489ac649c5e8fb687184cd549b8cc5d9de099b

SHA256
f0d122f13974fa2f9826d0ea9a229991b5e1f4c547db487df2923427aad140c0

SHA512
2fb85de72f028c478caa74f5198529d3267419a8337d61d74f1b6ee3341abf9a2e42827d9df4b0190fc43cdd2baf69f5977b56f0f06e69c3836ecb949376770f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
366KB

MD5
8af9c9af250339f71eb9d036f3310893

SHA1
7a8cd64fd10508d784ce30de59fd286e4dbd3375

SHA256
c719d3d86df635f70d00e2fde56f0a5041bb7e1d6ed3e2115b850d9e907d49ea

SHA512
6d0643026fa4be31137c0648f1e021ae32e2e9e0d116e7aa2d2424bbf31a44ff827e6d7580c9b00d13d67ec9f69dc6f6a6780a78f0b8126bd9111a8c1902219d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
3a86fd785a37071dbf27eb6623c21f52

SHA1
b58ded295ee5c6aa6d4628afba33872b286f2c0b

SHA256
5336147d907c97186a9733f3b3c8c1f719c0d05613642bbe7a28f054ef46c322

SHA512
95ce93efbbcc9a050f1869dacd3a3046139364e5dbc6839c0cb45130bbea07adab56a02ca2977a646f74e3b1411f8bd0a8da0ac7f2c737924321e02e9f4759d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e2910e0ddf3617ae7679c181a7c215c8

SHA1
4e0e44c032de605a7e8f545ba1df50ee94ef60cc

SHA256
c266c58ef56addc71d03910463acf49978af475c55654d32ce29a12d3017a157

SHA512
3dbf0a122bcfea23e162b270ed4c1268d84482b49f5c96650a89d7f39fba3e627dbd0b96937ed60828dbc4e142e26f7efe02bbb1ebd1f698d0d699dd8321178c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1f906aa9cd831caef03e711d5b69e628

SHA1
0fac91e79a4219a7900b912fed9afbb0a9949ff9

SHA256
6c15786ffb68e6fa5ef30402f03bd31963b788617c223b8df74d86dcf3d63cb3

SHA512
7d34810bc4625a609db306499f3b316a0e7b9c35f391585a4c90122e3f05a742e3c23c3b3b629ee64ad772eedadb732dec45086145d814c11e0d80a7c58a3936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a5b7f3c990e6d772d14ad795caec9c93

SHA1
f31ee0e119f5a848d78dfe02bef6c01fda5e5175

SHA256
35ec06276f63f01e8fa1bb5a376cdd1e5e426403a18f0a63923695f417dfa1a7

SHA512
dd1ce5584dcb8c47f00a828cd1b96ed76acf1fc50fbb031b4c05f90cc8549830abbd8a984b0591b95b60d464daccff10355ab5462b67bb1acadbd398aeb555c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
41062ea485b1ba08919049e17e25bf50

SHA1
d18b6f5f94abb715160779d59a4fba9d62a34b5f

SHA256
a80608a8d6a7b71c516f29d42c47f19d168572c88cd9bc90bf0aabf62ddbff4a

SHA512
3b23f0267484023cf601f55771183ad736732216852b0d2e2131228d451f5cf8d0c4c48b27cd33b374a4b1dc095757647183412ad19465e49e737fb1e453db01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
64474f77b8368c06e4d3e201df733752

SHA1
855cf7b94bfd9facd4211d8af2b4c62a5830a0da

SHA256
5825791c907f246f650894c8da79297652f0307690db943db7c42a4f68112ca7

SHA512
f4255389f7ea9a4d60a0e093314b40087752c67dc691168f46e3658e28b8549f901e3dc28ec5bff1cfd135a9b5a44671bdde6fa782a279b42736d87a2111fae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8dfac90c020d8ff23acee2d74806d412

SHA1
760041f073fb7d2f65d49e4e6d88103bbe77ee03

SHA256
259117462ecd4dfbcc59cdd9651b84a22cb3cff354f4b385498d8627c8edf80f

SHA512
660f5bf7cb2537c0eb2fed57b792816feb536eab38c2894a6a642e9baa0e628fa8d130ffdaef05460ddaf657518bd1d08f705c6f67bd6ea27eba68839a3b9ef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07ba4a3b7de0ab8eb3de33e847206194

SHA1
29947c2f7be2bdbe26db8f832492aad11eff08e9

SHA256
c41916664e82768833db1dafed2fa24788d3fef28077544348604d9c3b800291

SHA512
84c34b7a43d45a3f2e9a0f00343a702115c606c81422250fb3367aba48682496ea2c3b9448767d1ef0ce3ccf2b8e4d5321d229f4d017d4fbdd3cd15f655ab4c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1eae1fa346297430107212957d8bf264

SHA1
5d34762f3de45e40a8d51f6b4f026c43a0d93581

SHA256
42b243754efed71940511786830500f5e7a0443b0123685e951bc289fae3a379

SHA512
2671e6f74969103392b81359dbbb29bceb63bfe61f80f5ed6e77fda26338a3f5dd9e792a989947144984c1eff0ac496b00f09158a7b036773c8e9c572587c194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0fb9f213818e4c5144806c6d289e1d01

SHA1
a1456e26d9142ae9de3251ee5645b4298170d429

SHA256
58d8ebbe4e17147ea06c43608bbaddee96fa82dd6eb05b1aac2e95f95b826b6b

SHA512
d3edf33998dc5117466602b2ec31e3b31cdfa3d99ab1b05bb958b697dfa30a1c8ca9e7081a1cf8378fef99f7b50d4549410b651d454d27096f9a7a57e6593360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2120a1e73816cae750573cb275910f7a

SHA1
66153f4086d61d668082406f769804a41663edf9

SHA256
6cf956a38d3b3b936b1fef733d178cde7ef5bc823fb9df752d0fe60d49ebc484

SHA512
2af8e6ac2acb82dcd4b59d874e5c4c4fbd2ec4da304387832ace087bd8b3a09d537d4ab3e9601e0b78dc331549a7a68ae787665d9dc92d780ef24b72f9c64129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
97b52d8be876afc7f4ec24c8e2a64eea

SHA1
392f3a1be7a7c44dfedd6c83076f836d50d705c0

SHA256
0f4b3315ad3eed71569b340e20a0d1146181e5e6dac729f3dcb89a8ca9f11682

SHA512
2fabb32761cfaec2bfca15c4a8a5a64bf86747e6ec805641ab3fc341905559d0f105f6d80f657dafb2e2617cbf18f85eb653665bf8349eaee48dd5bc50335f08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
544fa745751ce940dd9930ecc9960c01

SHA1
f6a336b9bda13615f579ac39b1ca98fea8692ce3

SHA256
914eaa0e4e02ea25afd6cd3b461959c8dd4cce3f0e328bc0140ff2c6ef052958

SHA512
2beee225f47e1fa5760818d19da48447501733d8be897cfbe2504b9ec829a3eabf5403095aacd2faeb4dfdc1bed83240c045d3e6132dde85b7a2feb7d84ab5c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de7fb0b205b5a478015e17a2bef0c18a

SHA1
639fa58af624d223f3656f62bee3a7c1e12b503d

SHA256
5e0a2c615551d166c11ba46233de82c1d7ee8a0adbab43901996b642258eac86

SHA512
ec4c13f011e1f8c6128591f91e1458583e7dc2f100145f17001e953d970a32fdbd202912fecbeb78d54a58387b8a4e8cd4921d7dccd567f5c412692516cb038d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7f87b4042ba4a92b5d51cec4ec3d8a1

SHA1
94fd328c57f62a1687a52ef1e1f8d90c9cd763a4

SHA256
0e2e129bfa01b716660717d092f23a959b380f6f1afa68781f8372155d3f436e

SHA512
20993825cc55f448844e73d3b5489cb783d777c932fa399067b2a47a48b82f112300331b3d627b815b619584923804a7282d4275272898e2a7f7dff518f7fe0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b7f12101974ceaa9b70d908a12ce2f5

SHA1
2b03bab472fc9cdcfe937938232c88363ad108df

SHA256
0356021396034ae2c24605b7c0e700be24741472e39ba3eec79d5af1f3815965

SHA512
3c42f7db3c9425eeabdc7acb517ea6fe15639b008040845163ba53bf3063f54a0ce33457fcc9730c6e7e8918b1edf59622677dbdc8320bda8bdf237043dc992f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca2fb167f96c0a63c3962ddd2712595c

SHA1
f2c99790647135e323910aaa60b420707b5f86f8

SHA256
1bf9088bd841305bfca58f73ff0deafc8092acc452232d6cf6bc98955ee4bb3c

SHA512
ecb8ad3ac9c6758970f49849100b6b6e2fbc1524e776b794bc12a32b0dc0f433f590eb036135918b367bfae18a9e1265b1fbf6737391e05af7eb041f3ddd5ca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71186ca418855bed6b84c18065f376c8

SHA1
b73a22bc8a45957e547ec8631ab19c5b39dab472

SHA256
94e1609e0d84b153b0a586fcf25fca9475dd0ced3606933643b5551ea59d9ff4

SHA512
8f35895acc1ce341bd7cd07a01dc4f494a14a67a87755e23d7ef47e493ad78e67c39dcb70b77fc837407b00ee3212f248fbcba1e3ffa31527ed1ff33690cd398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b0cc58f4014e859695e083290de6a15

SHA1
1016bdc05bff845c4587a585b91327f826a8203e

SHA256
b2b84f3a8de413a5c5642efb12983ac8b198ef5a3d29c9d370f2df9cf446bdf6

SHA512
36c057278f9f753acc488565cd2b1c686ffd9f026dbcf042d12b47e431d87854d7b51bc769191c0255f41575f669dcef5d97fe7ecdb83c7cae0f204e10c526f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72d1a20d442c773684af3341a17cad65

SHA1
cc854dd5f7a12704da0bacb13f6b9b274a2f4d62

SHA256
49102ae7aefe6c3296734b7a59f2e7a61087f00ea748dcfd84123af978595e2c

SHA512
de0c3b7c1426048d9173f5df19184c5de39dc427bfcc38bdf746bba759144b172ec979b6fc8ac8848e8c48258a1578ba56a5572c50e4e93ee7450da8f4af6a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca6e23a147e9a72ae7262af65761eee4

SHA1
4a60b0c0e668fcdb53982454017e56f6ae0dc703

SHA256
cac41e3ffb441f4023c58e549b0d2259526293b7c90981341dd40f8bd5b59f3c

SHA512
ef497e4d21da98fb4886b1ffe650a6928060d96805a7fae32e945d43fbf621567d0409119f66b0cdaf44fda6d8f8a1cb82834e36716e9346aaa7e27c3a6d298c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
028185cd289f9ef123cd935034f43822

SHA1
d23b386ac049703f591b758f04ce2c51571c5b0a

SHA256
ec86a9e010feb08bfd9693ec27539d345810040399712e9fcd22a7910763b3a9

SHA512
69b02da6bb9282423fddb729499f3daf73a7a9ed5e8dd2f5451e5982ae5aae282c73277b758964f6473d98b703f30e5f6e0132d33884bfebabcc74783876783c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec21c0bd7ba2c500539cb0a5165aece9

SHA1
a3215c7f59715a235a43ae7b3aa9478499a55b09

SHA256
e7ad2b64b892daa67d2a91e52404a7ccf6a63ca5a890dcdeebb97bb5457e1c4e

SHA512
c4ec8097a9b98f230745df946df2cb2a5414a313ed9d7aa069521831c6a487b68438cb64dec93da32e895adf9838b9c59178f901614c0bdd86f2c71e71bc48b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68e38b65aab748e4050e791b40f416f9

SHA1
ff4c92370fe41455eb1b49e3fb95395f08a5ca7a

SHA256
8a31ced3d91b09aebb6c1f449f149bc41e89e726ec3a86870fece1b022d2c4c4

SHA512
e0e6b0fe6f97a745c18aa28ea6d58aa3924a9930b1f7582451cf12c30ecd68088d25f5efeab8f4bdcde35ac7e51d58dc64db39d5ed8e03694105cc4adf33692b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
83e7d929209b863d78d28fa07e6bf04a

SHA1
207600e37764819e208e00f21463437019d14bf1

SHA256
a2841f6b100722ee0a7e14af88540934060481ed409f6ea7834eb9f1f57caf3c

SHA512
b146b245fd54da4fed8f90d45059d1a4c8ba32b91855f96236ac1fce8b73bcadd1cb6a549cb617e97ab2cd253df1569afdfe577a4f39f43aa7806720e2bac045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
783d8748088a30436f7258d3250b1719

SHA1
18fad42f9e7221b26057b897c735529bfb179ddd

SHA256
44c100552c70c0f65a489912d2201dd6b581f114b35f787d87cefb93cd387580

SHA512
af39b17c4bf185c18be29eedea66584a8bc562124dc039285de8833b4fdfd66af7e0b4df844c03f3b6bd51765d83b469bbb4146afbbd20635ad174940411ab9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
4e07587baa39ac2e339d17b32eb83f3c

SHA1
b490f7b208a881a7d9aacd1497da6bd051861851

SHA256
9f98027f609214b0ee017b83dc049b139e2b2bb15ebb56986dc839aca9ff2b02

SHA512
81be33af414ef026b75e4c0adc5360e3324096705c6ec02b3def56cf5c04867987a2066055b2618e03255167064cc5e2fc753a6c553f767b72561734c7ac7c57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
e37532e879926b8e2423202413d51bd6

SHA1
edae654a9a1c3b5ca5ee6f36b76a12762bd69045

SHA256
cd01aa2559304429b919f2895bf030767a4eff075583e18bf65440f25e0c566b

SHA512
712a42fae1b7ef1dd621fa5ef823dc3fd46c70261ac8274bd490759ec05f468a2caf1cd52fc9a585669e25abf6396765684b32079ba64aa30f696f6257bc9133

Download Submit
C:\Users\Admin\AppData\Local\Temp\f21496e3-dd05-46aa-a0ad-81a26873ec2f.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4176_335527863\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
5681782469f9facbbd446467e0e365e2

SHA1
392554f1772442e013cfdc3d3423302fda555ea8

SHA256
ab07da4408f54d39b8c2439d05b4af32d5cbb4f4c5e109ff48c7ad06c94c0c45

SHA512
584b807ead7510c0e75acd595fb72fb1f59a09d7b3d73121f259e54aeaee2ba40f43b708a67afcd21b29872950c294111dd74468172044dc72d2eb8479bee06f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
10KB

MD5
a463739e7267d1a12d80a5b06cc32359

SHA1
a891c3498620f0e9756feb30e54cdb706c931620

SHA256
8901859a62b35617e361aab9d57813802d547077ae61be5afe00dd4932c3778a

SHA512
b044124384e8e5a266b18a7e6c00b73125e6d7cbccebe0f09c8d51f7157ea0276bfe733a3a96852e5469c836667cae82268215d20a5fdd3178a980f158c8fcb6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
b368865e20a7041b1008c40fbcdb9139

SHA1
5e3809757f467b01c61409a4538b2f215b1d5ca3

SHA256
d52a5d25ba92c2b617e96d3ff0fd05797e05dbef0f1a760970a55fac9312b462

SHA512
8d4bce1ecb8f44386df6b7b50730bb4b3ec1ab0a867a82310d187a84fd095fbe759fd40138838ff728e1ad0e46334ff06c0054049d393a5a63c30b778ff7c620

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
e361e9d5c8e503ea4df6cc1a2f2501f9

SHA1
5d475004387a91f3a1f66f741355f7e6aca41fce

SHA256
4ed669984c74b4f313e99bf09a7d43e3c78bd392a14c2b6ac2c4bbde6a884477

SHA512
b97f8e6699813a7f48d38b0691f28aa21d0bb03b93a3b252ec1faba1ec79b5a20f4cf94ffe00911c396474abc0b36f200d99de36000440411f968b6057e6bcbb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
745B

MD5
cbec9fd651d96d9cb998bd897091550e

SHA1
ddfc6e3858c8b136cb1a7b39ae8384b450801b08

SHA256
e011984ecbffab9e6feedffffad26870f9214c185a05db28da2736aa9f967bea

SHA512
e3c2c96587d82a83915db7d4e1a003dd87615bef3fac70b34b9b0b6f04d4bb98d7d01e4df1b98bb047ba3262d43b20d715a4e2825624a4c474c49f039388b090

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
766B

MD5
ac2cdcfa698994c2af8281acd6e301c0

SHA1
dcc33313ab87c6c9eb22e2782be8d32a85b1a22d

SHA256
83e655d7e1935e704a403e9902ec6a2797c35bbe63b269f38b3cee4e6bfafd99

SHA512
0ef2e9da082abe592e5a16fa4216d8dc9b7c7fc6bff77f3caa272d7613c6e59ffb264de7d8ced4eda2a23e98d251ccc0c9f7b6d1f30960f8294767df813ecf2b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
831B

MD5
c76bfb4d187e76672906bcdc865843dc

SHA1
f1b2060714398d777448625e50cbb95c39b1cd76

SHA256
146b99e8a450dd82c1008b7ea25f7d64ef014c749e9fa4da923a65e1324b0f03

SHA512
72efa20afbb8f595312c27609c3036b8577726af6052f0ca91d5ba4fe6044cee610d65d2ff4eab8187d9e8f30f5db1721cdeba99fdcba42f1379b6858f519073

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
d25771ed4d284d93cc564ce7826318e9

SHA1
a2605243d386bfc3eaa44ba1e106e3d0dd37deee

SHA256
3ddf2edd37f1e508fbc8f361018f1d7c23c86f734eb1f28595a3ef7b6435bf02

SHA512
04491db7f13416cf2f7a3391af5e4f33b7495782d2cfe4f577d514040a82a6cfe3497e1836f2e58974eec2e50db265c54077eebc035a041b7e8787a5aa1e258c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
32caebabdf4206af077025fc394960b5

SHA1
c670f5bd40e0e2bc3eb4a9c70030da790b80e235

SHA256
0d2e74d3b592f8a92307958bda353f50ae00d6a7861b188c51279bcf44058db6

SHA512
395b3c3fd6b8093f4dbd24e2a871416ee2546ace1cc829c9a3b0c0d8111195401c7f5b92d166e61263548c022ba226c55d45834b5afd1f80d61845eb129ad052

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
829e761ebb632d8a5e0b52448d06fb0e

SHA1
740face246180f646c905beb1871a2f10261d309

SHA256
5b29fc7c7dc019d86a4e5f3101951adb3082f31731ff21a0c609c1e7bdba9663

SHA512
87276ff6173160a00775b82e46e0d201518fbdf5bb7348e415f7684d01de83d6dd39d91f5a8f67ee5c26ac6571d56c5ea10b6d43c8002e461d878f5cad6a6fad

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
fb80db6407539b99154446facfe4e69f

SHA1
a26e4ddf9ee9504581eac92520aa897e1cf26614

SHA256
dbda74c7f189d562e4a1ec1cabcd5fbfaf56ec91671d6eb3a74389328ba3f237

SHA512
31960e23fc84882d842c17ebf7be62ad24ccb5f785a2ea8126f75107a8e0f039ad8e370ef2b8ae5fb5a8874b77d7d4afaeb67b40fb9d4e26dfd3827d0defc505

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ce0b8d8e02906c6b067401877a505491

SHA1
40e890999710b295c9d6ab3c5a637f46e7cf32aa

SHA256
c1425413602a5572108ed16dc289a814eceea6cd1a74aab6783bed27366b9a96

SHA512
9956dd1276038de4194520dd4634d395900af3dc0459ac99518c794e8cbe953dad9c5397a8f97184ff9f902450eec8c0a2a046cb5eab429514f47c3bc466b2ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
a96ec838433637d8393bb920086aba11

SHA1
9b68bb3d4306165aea4d6c0b1a1cd10105936634

SHA256
7a97f3f353dd68ffb43b2c4f259c344f69dfaeb74793595b5dc204423418d894

SHA512
1750ee1a1d1b87b4cf517c5a4b9251f62225ee3573ddd3fd0e9cf1869d1935f8d1717322ba1cfa6e05dd5772c73225210eec667fd0da27f8d890eb6e82130150

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
f46957e9e2a1437a2eb9b42cd6a0b157

SHA1
9963f7a6867363952b5f72fb048183db3fbdefa4

SHA256
6ba17a8fc975a49f8fbb9fd41593172603c6b2ce73f35c9fe58ae38a6b2bbc7e

SHA512
6df2de0a0e0c9bfb42bd2009c9307c42ae05f18e894ce6da9923e4ad5b19fe55a3c3c162ab2c64c694447a82b21bf75685b12f95c90231cc381b1485c7d98a74

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
074f6df52364fcdb88fd23926dc28d36

SHA1
a4f4325ce60df108948404694051b4201c2e5f73

SHA256
2b297ea9f732a2891aab84de6a425945d27559602ff418f56f9ed87ed4175bf0

SHA512
17d53d3c6288c79d160c1e66ba707c9e611a29610b95f29ca012eb492493b30cf256c198caadee8ff26125521b854fe3b36948e49c0aff0f7c3dd92c214c1e1b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
a7f25743e215fbaeb7c34216a73a24b8

SHA1
45a00e779740f2236e268c65e54421f73242908a

SHA256
530dc4dadaf55eab914386c42fc473d56123ca17568b798e8fa6ff8d50673c51

SHA512
26c9fe9cbae8cf3d1a6c42dcf81f34b2daa659cecce9130d1b44903c90c60d0d058b4b83351c0c3b4daa1d2d9bddae3d8d9d130f39159be791f4b1c8e82c0ea4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
cc0c079361c15e3efdf595d94e2726e7

SHA1
8666daa6b703a72ab1ec169901edce13f65e4555

SHA256
971d7961df5b03540cbf38b3b1ad7213ecdb0169025137da5dee87d510c97395

SHA512
fd9c67a216fd00d70bd9bb7727d33e266741b8d74b8f9a8b1721c9da5e429996a5cf8aa22d7d32cf6fe256ac171a8b447155dc3f711f756be6ba85da2f2f2433

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
b7944648780a85199a0e1427735c00b0

SHA1
61f274c29a6ee78a08ec2e148dd9c0d40f732a4f

SHA256
392c245a5ab3890cd07368750c70a2ae384b3053a860058933bd465e10bf4cc6

SHA512
dca0024381829d3ad067b1d73303c68187bfc35f7036bf5bba855b052418fbafffd09eefa25f9e8ca9320beaf23bf6b03805bcd302138378b2eb78a82b017b75

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
ab012582772d4e1527b57f32c4acc6ba

SHA1
c74e5ed0f0427a9a472998b9ab665bc44196dcd4

SHA256
86f5c86e9a8b8f46d0a2603ca4137c9a2bb03af2591f42b5526a8f028174006a

SHA512
0c519adc8f178062dc4a8088d2743eececcf124b4fbc3fa65c617fc0e0c3cec62d600cd7b258fda6f7b158a113a0e34178eb51483d1de00ce6e3a34602c9b6d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/636-950-0x0000000000860000-0x0000000001EA2000-memory.dmp

Filesize
22.3MB

Download
memory/636-252-0x0000000000860000-0x0000000001EA2000-memory.dmp

Filesize
22.3MB

Download
memory/636-1-0x0000000000864000-0x0000000001966000-memory.dmp

Filesize
17.0MB

Download
memory/636-7-0x0000000000860000-0x0000000001EA2000-memory.dmp

Filesize
22.3MB

Download
memory/636-2-0x0000000000860000-0x0000000001EA2000-memory.dmp

Filesize
22.3MB

Download
memory/636-615-0x0000000000864000-0x0000000001966000-memory.dmp

Filesize
17.0MB

Download
memory/2760-42-0x0000000005A20000-0x0000000005A3B000-memory.dmp

Filesize
108KB

Download
memory/2760-45-0x0000000005A20000-0x0000000005A3B000-memory.dmp

Filesize
108KB

Download
memory/2760-46-0x0000000005A20000-0x0000000005A3B000-memory.dmp

Filesize
108KB

Download
memory/2760-951-0x0000000000860000-0x0000000001EA2000-memory.dmp

Filesize
22.3MB

Download
memory/2760-12-0x0000000000860000-0x0000000001EA2000-memory.dmp

Filesize
22.3MB

Download
memory/2760-598-0x0000000000860000-0x0000000001EA2000-memory.dmp

Filesize
22.3MB

Download
memory/3548-952-0x0000000000860000-0x0000000001EA2000-memory.dmp

Filesize
22.3MB

Download
memory/3548-15-0x0000000000860000-0x0000000001EA2000-memory.dmp

Filesize
22.3MB

Download
memory/3548-10-0x0000000000860000-0x0000000001EA2000-memory.dmp

Filesize
22.3MB

Download
memory/3548-599-0x0000000000860000-0x0000000001EA2000-memory.dmp

Filesize
22.3MB

Download