fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca

Resubmissions

14/01/2025, 01:19

250114-bp1w8asngy 5

14/01/2025, 01:15

250114-bmeafavmhj 4

14/01/2025, 01:10

250114-bjndyavmcn 5

14/01/2025, 01:06

250114-bf5h2ssmaz 4

Analysis

max time kernel
210s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2025, 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk (1).exe
Size

5.3MB
MD5

0a269c555e15783351e02629502bf141
SHA1

8fefa361e9b5bce4af0090093f51bcd02892b25d
SHA256

fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca
SHA512

b1784109f01d004f2f618e91695fc4ab9e64989cdedc39941cb1a4e7fed9032e096190269f3baefa590cc98552af5824d0f447a03213e4ae07cf55214758725a
SSDEEP

98304:Uc9HTcGO0ImBimas54Ub5ixTStxZi/l9K0+zLVasSe4JnzMpm+Gq:UcpYGO0IOqs57bUwxG9CVaskJIYE

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	AnyDesk (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	AnyDesk (1).exe

Drops file in System32 directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk (1).exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk (1).exe

Loads dropped DLL 2 IoCs

pid	Process
1824	AnyDesk (1).exe
5108	AnyDesk (1).exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk (1).exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk (1).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk (1).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133812912986121798"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1824	AnyDesk (1).exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5108	AnyDesk (1).exe
5108	AnyDesk (1).exe
5108	AnyDesk (1).exe
5108	AnyDesk (1).exe
3108	chrome.exe
3108	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5108	AnyDesk (1).exe
Token: 33	3880	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3880	AUDIODG.EXE
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1824	AnyDesk (1).exe
1824	AnyDesk (1).exe
1824	AnyDesk (1).exe
1824	AnyDesk (1).exe
1824	AnyDesk (1).exe
1824	AnyDesk (1).exe
1824	AnyDesk (1).exe
1824	AnyDesk (1).exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1824	AnyDesk (1).exe
1824	AnyDesk (1).exe
1824	AnyDesk (1).exe
1824	AnyDesk (1).exe
1824	AnyDesk (1).exe
1824	AnyDesk (1).exe
1824	AnyDesk (1).exe
1824	AnyDesk (1).exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
772	AnyDesk (1).exe
772	AnyDesk (1).exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 5108	4144	AnyDesk (1).exe	82
PID 4144 wrote to memory of 5108	4144	AnyDesk (1).exe	82
PID 4144 wrote to memory of 5108	4144	AnyDesk (1).exe	82
PID 4144 wrote to memory of 1824	4144	AnyDesk (1).exe	83
PID 4144 wrote to memory of 1824	4144	AnyDesk (1).exe	83
PID 4144 wrote to memory of 1824	4144	AnyDesk (1).exe	83
PID 3108 wrote to memory of 3152	3108	chrome.exe	99
PID 3108 wrote to memory of 3152	3108	chrome.exe	99
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 2560	3108	chrome.exe	100
PID 3108 wrote to memory of 1648	3108	chrome.exe	101
PID 3108 wrote to memory of 1648	3108	chrome.exe	101
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102
PID 3108 wrote to memory of 4784	3108	chrome.exe	102

C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe" --local-service
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5108
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe" --backend
    3⤵
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:772
- C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe" --local-control
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1824

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x294 0x4ac
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb32d7cc40,0x7ffb32d7cc4c,0x7ffb32d7cc58
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2040,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1960,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2288 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3192,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4612,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5172,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5292,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3764,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5336,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:2
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5152,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1152,i,7498170987678502218,13741174818642592364,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:348

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1924

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\89630f73-d77d-4d0b-99e7-41c692dda07f.tmp

Filesize
15KB

MD5
dce0fad725b653ad53d2059d2f42b997

SHA1
d4c6e513362a8dc41f77873296af3c47d1fc9091

SHA256
470b94ebe72c71166d06c3ab1a4eb79ea8f5077b434e482e26871b17a31b8efe

SHA512
069cf6060a723d2c5f39def1b590834083fd282c6c71e40f4d903676af8b3340112d7d1ded1465555675c622644c0789b7155822e2c3fa943dcc19619d6b4d26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8fb08b51c3941db317d493f79468a929

SHA1
991f348aef6ef66b8af154ddb7414ec7a1fb48d2

SHA256
6440a801f72b2ef1b6b794de605624193d7a66074576af5750eb4cad90d5c04a

SHA512
e04098fff3ddc917a5e8d7035f806e97bd866696f561dbddaba1c713a36f374b289f0e04c8c5046accc5ba5f40c3e28e529def2f78c7f075d5b94bef98a12c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8cac10d405d6dd2774f0098feea7f314

SHA1
d44df377e3538c7dac9405bffb2791ea9a732cae

SHA256
1b962ffea421f6a58b0e5dd549f6cfb69bdb6bf4ab11a1e3802e7f35e1b9fa93

SHA512
d614a7f1d9e6af06dd57f51e1467da8a9f895b0335242e80fffa0d276ac1cfa5e0347956058ba1d1ebe44ca7e6ab06003151195595c3c73a04a5fcfc1a38761d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8d25d8be120247c95d8b439accbb910f

SHA1
bad12476c67eb0781720cb7993275848b5e2f1d0

SHA256
eec7eabbe067a0d4f1a2206e34e9c0a81efe2333b87a7bd873951f1b59901ebb

SHA512
00292a7bf0b53aba784b2a4cafa810d64d46824e2165ef58aea85b300371c3396cdf8f13aa723371d9275d8dee31be1c6b16e8ac065aed97c133e7c0206977b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1d8d3c0a3ec1782508530ad862db14dc

SHA1
7500050ea005fd2353064e5582a7ac8e07c7ad2b

SHA256
b2d48fe887c23b619a1dc2409ff70d27966e3405b2cc812e5026398d358b2b64

SHA512
8f0727e4487c089348d1bac76bddc93a2d17536c09a2f7314ffd4dca8509e5877f408567a9bec79f01f8c149859b0333bacc601f573a3b9f51e0b7f4c776b975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
76af746c1e7fb4e457c5cd836c8e0b09

SHA1
18bd4025fa992f73edca522cb66f04eb1c5dc089

SHA256
dfd4f4b28816202a0e0b095184e2165651c5ee95c76bc5c47948c43b87cb3cb9

SHA512
de7518ae85eb72b9297e8c126bc5ddfaf856cf80d92aa8b99ec374f8bbd1102e95ae988277a8c00d45a3e667e4984c92d895055e95dbdbea2d9c4524c117fd2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cc3ee0865a55843dec53f44e73765c8d

SHA1
00b9fbf31880a9d525aab57095811d297c2fde20

SHA256
5fcf23d8f25b2212a4097e9893b62eb20d389dbf80ec6ad2d18b1bd529852550

SHA512
9dd884a1be96494495efd3906c5d233b51466493d0ed0deb2d03e1bd5dd21e67e237f2898d43c723e9cbbc85720ff5a9a83b7e94e7624c29a80afb189a038466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78b3c57d6a978315be7c1847f75e006e

SHA1
8f32b0ba0745f9a78e22d7304d08c7fdc3b8be80

SHA256
6a7ad951b8a9bbc1d0e69b08b835b7740f2909ed1a8a5031c4a5532f00d2f467

SHA512
6552960a9e8bcd9634b5ea640456bb855b9957eb934b954448455f2b0e1748fe642d9ba2765016d844c246debfe9253878b94e9dcd7fabbebb2ba597e7953de8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6cbd4d2f667aafa3eaa70a103cc13378

SHA1
ea857485fd71a5e321b1d9d370a74e1910ecc2ca

SHA256
8d7b1beb8a38d0fcf10aaabeb80f0a7255dfa396aa024f5c9c7ea8ca2f92ad57

SHA512
20d740e182fc0b2d8a20a1e81b391cad1dc59edba05d5b213331b17c62cd5294b25645da3433f15cec9456c66753214d5da51f363dc134c852ef39411d3e7eac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c2dfb84721d402ad9179132324b8b90b

SHA1
74860eebc4d8cc46ffa2734b5c6057721bee229f

SHA256
75b35dfa161cae7e816d82c40ebf01c61da56ee1264e4733e6704173d5148934

SHA512
6172a60fb34c9ce49d31678f79696f557b9f42b7dd5d33eaf27582c6fcfc0264c4624d95a6c772e9da2bd784c0d5b8fafd7dbfd22f0e6421365a4612b686be20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4211fc4dc27ba63adc8e468849f41f57

SHA1
6ca8088e7ced86d92a8f3aa4b952adf6349e996f

SHA256
d1c3fee12b81e7462b997dd99e9e50b3fd52c79f400576e0610d78b9c0aa3514

SHA512
995697165a1e396226975eca812b658edb42caf6c742f9b3674a933451ce9c32a99de9ec7b18a38f1e2532381df0f8fc39b6d4c4ff84389382c26eef14660d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
559e9fce10fdfeee1cac6c91a7286aa3

SHA1
68da31d73bb0742414bd8b22e14d2762584c31eb

SHA256
b3be95a110cdd0bd69958621647b773d676b568544ef6bce838684fd01d376da

SHA512
09a645ffa635daa09fd6c7793f65765180bb1740f0590c33c2c205ae9d5ab21fd017404e75db0ae7b38efcb9e7dbcce251b92275c753da999153afae41923dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02ff9535cb0d9b0912ddafa288f3901d

SHA1
f6918755ea6604ce17de57c0d500fba09963c35d

SHA256
da77a3c76b5e3166dc0ebf54604c3619b0ad0d63af2693a85c9ade4c5df66e4b

SHA512
65467f160eb9589cbb6ed5bd26935d544142a5a9d627673493e8a25e52c520a9fcf5a193f980c4a7bb442a54a424f544453ed85a41a1646bf0506ccece442609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0bb33eb25adb6b13049833adbaacf79d

SHA1
4400c7284bb80baeeaf41ade83a81e467ca1ce73

SHA256
f041477217cac5243b96c18c883e88ae92e260f15780a21ffa2232ca4be1edd4

SHA512
1217a2b954e809c3055582f6ec0c5f3cf0b8a6efaa3b3b5551c9a5442f37a99f15b09a2b6e6650dca3614f43bd8f43fb8e1940c09012296b6ad44553db50ddb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30420b9f86ee6cee977fd33e8dcbea3b

SHA1
d79cb2f46a3a30af695334ff4f38523653debf50

SHA256
3f8cadde77293bbe09a02102889c0e1bc1f8e7636794f181cc3e32966a596f02

SHA512
c34c0f1a36b979a98b477b2e3c89b9f6b6ad46d33d257df05cfc04c10a2596463678878c025cadb5301ca2289c49cc9be8ff0e393b428dd3c6d9ee7e51c32f84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7eba748304db829f2f1836844d3fac59

SHA1
e2595d74eb2c43697e475e58a8a36e37ec7fea4e

SHA256
a01b5fac2b1b16f0b2e8cf2a77fbff5856801691967d0834ce874e670eaf305c

SHA512
970cb2c86d5f471d0c686ec95a4a038ce31de62d0b4333c17ef2ed5b7dac0be25b666b8e0ac8b34b9b68a7df2233f7bdc72d0913c818be9975c16eaa064792f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0a81c90bb2bc02fa4987b6e184d445d5

SHA1
ca5160be09343500f24e4a9ff11f4c1eab074890

SHA256
9d6a7eab6f2725d42615ffbb21906c13ac97015036ea16db716c53071f123e9e

SHA512
b88ac334886104621cbccaf41bf08d077efe39c94847950f3121399a6c6b28f06b909577962cb00c1ce196700a40ec673ae3ff9fa8a1cb5fd7d617f3d0bbaa9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
8d9525ad76ab2326633c32370b8429ab

SHA1
d4a1522c9b067b60e2590c9234ca043f016c5c6e

SHA256
57f14e3780b21eeb8d47f3659402767ead43b1b5a0f4325395d762861973b959

SHA512
2a1c2269f80883636ad6d036d74fb990ad1df2a7bf3c23cf865595c116a632ffd53842321bcc0532ca6c212af2f1bea9bc407c1db5d6ff99b6b5443cf09eedc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
9e6ce41bb1e0b95affc206a760762ca7

SHA1
1c4d815d7340640f704352c0fc63e2531effd293

SHA256
9fb965c0c5593433655234463d85609d65641ac8d04743969437d4b8962e75a6

SHA512
345a9bdc87be1cd1cdbe7ab01afce25aad18b8e2e2ae58538ef784e59f97bfc56074341150a9080df6cbe432bc565060b1354f1f632cc1edd51cdef15ae1f9bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
64KB

MD5
ecb9969b560eabbf7894b287d110eb4c

SHA1
783ded8c10cc919402a665c0702d6120405cee5d

SHA256
eb8ba080d7b2b98d9c451fbf3a43634491b1fbb563dbbfbc878cbfd728558ea6

SHA512
d86faac12f13fcb9570dff01df0ba910946a33eff1c1b1e48fb4b17b0fb61dded6abf018574ac8f3e36b9cf11ec025b2f56bb04dd00084df243e6d9d32770942

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3108_243360780\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3108_243360780\b2d1d5f3-3d45-4934-a090-a6716593d037.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
d771c4da086117f5731806b28e559257

SHA1
81b9b6ee4baca3a3d3d23c0084e7d163aa50981f

SHA256
2b499f3d498181f0ca7bbc87202936bd76cdedb0890a1b9dca5272aee3e988ee

SHA512
11b50cf80ad5413f97507ea26d490c6b78d55a76d7b13c10d5a597e5ac8d6e3f111841ca2d688daeaf52e3a46df4c3346c5c3e5e95e71d6f8acc2e07ba0e76b9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
8KB

MD5
d946b0a533a595b7ef52b8d5e58e206d

SHA1
91cd041c21a54657a64589fb8b44adb24442c7bd

SHA256
33bee4a25c5d35fa99cf7b7198ae68ea670834de567b1b0a88e826533df1f071

SHA512
732d74c67844548b679516a03018194d0dc7559fe2be633e91169843fa07e7a9adc0936e53d5e4d6eaff486cedab3a5013e8fefec979b7d875e682b093be594d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
39KB

MD5
fdec4364e06be35de17e59014d7741bf

SHA1
17d191d8b1be37f816e0f36139135ad0ce1ee90f

SHA256
96eefebf656b4cf6d347fb0f4a7d0bd3505a1f174ee1360000567c356e2c073d

SHA512
c56538da64db11784599143f0ddbce24667a2fba23eb57cae8b32589b0aeebb852bbe97918906896ddeeee0ab8c1bcc3350617fbf8c569b3a2f58776ecab31df

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
49cd43c890b0e42aa12e1fd13726773a

SHA1
ac584914b42a311647f90e6615b946f24bb18a18

SHA256
7ccf12e598e504fbb2988cfa3cb082f8e749e03623d07c9ec3bc0124e4eae3ec

SHA512
fbb5d26780d8bf0da2189a02b04f7360a8cfe3a4b3632a15bcc2fa3821828d3aec99eba0308ca51dedde6b2f4c3cfd48a900f9f5dd4d6bc3b2a0c7cc4a98a0b0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
3ba97011a18a54c3c8f8f5e9f1b9aa87

SHA1
afb6d40ca033331583fade14dacc98356fc0600f

SHA256
b022ea731e03264afcd69432ea63b828f1c593e1f459d3f43e5085f3d09f1428

SHA512
a9739c7b1293a6848842bde28d6f5516aecac3b22542063d238d136163aa6acc2ddaaf74ae6691b9701c709d92a98b41c57aecf04f2d7ac6a2aba76094475f9f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
766B

MD5
a2f4a70860584fd4450f613bb82d4ea0

SHA1
69493372d174931c933f8a9b13379e3900e2d468

SHA256
4ece1c8d1c721fd6587650e03ddd0bfaa4641dca088863ec71b579cb13e1aedd

SHA512
797b06905a6f12f2abb2536047ccdbd01f167793b30a958ef9f61ffc9bcaa4712dab8743b02992436335e1d4168d79af4315ddd8f2087c7bdb5ae18f1eb9eea1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
775B

MD5
4510692f049a55eb44b90f4977db7961

SHA1
ad20d5e6203763f1464f4de0eed00738c41c2c39

SHA256
347d32bc084f34a46724e853c0e3f9d891e61ed1488229b5e693e996708ed67f

SHA512
73f52e1d03e459e406b80c1078429dd8dff72331ef01ddd84fe360fa0ca31580226776a436262cdeb2c67f31d320b75693a3269847c8badfbe5f8916129e74a9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
832B

MD5
a17806270e761580b67681a8b902ccf5

SHA1
c7a21d71bc233f8e5e263447ae7ec47f590ad535

SHA256
357535dc67aaa5e0adba5dbe2b105daae103d90614fdd0c3ae5964fd0b4dbfe3

SHA512
8e6c6f3e2d64a933f7519e02cc6deae4842dd299c685320be4f4a3fed9b90fa50b9e69f9df41cc0dbee8f32c53124d4bffcff3ac9f03d6f3dad1527da4b088d8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
61f4f0f5ccb503f6ce3507121fee32d6

SHA1
b21635fd1e0d3ebdb68821a7a911156d1235b323

SHA256
d54b5204ada73271c0c2aa51a7623dbebd00ea9177d35b5b490b8107a4360d44

SHA512
3d9052f4f7c914473339f73cc9d2da67e54422e64743b33444bdf465d7a9e67bbadf4480968cda7dfa2a725f5db21b068120c7bc82ed681e1e82604d49ce3123

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
9597c87cd9cc35d719ddb6afc8870c9a

SHA1
e6e5473d5d67cf6462e3978fd57e6b15bed1d1b5

SHA256
8890173c484d2f7606bad8154ef64ff1174488a596d42f8409632400bb0046e2

SHA512
50333e06f2ddb73cd932d9ea94de059f27ead3212ba6c426d425c464d9d78899e0fdee3abec823014b9021469e0a8a76532ceaf1acafa2e664d9aa11e8bbc3db

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
d6ecc578cf1801a61ec08bd8eb27db12

SHA1
e5e3433157605096b5d54e42bab96cbeb1b72b5f

SHA256
c5edafc6df7d914c9aa18da521b112aea42bbe599b2e47daa626d2edc270ac77

SHA512
c910a8bb4e86ecbca048ab79f98c561684c4baa723064e9f5adf0d2da6ef90ea3acd489fc829858e2f0f8f445ef6bb8de541b9b8271f7bf7c4c2f6aca8311df4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
96a05c630039566e282d8994e2506d18

SHA1
d38a30f0a65956c4b530743374059786ae6c60bf

SHA256
b1bfbd738d20dd70ef556140db9a1cca716c94fb4fca03266f376426897c4de7

SHA512
62ef7e28026a1ffce664ce7ea1564bc56131155588a78ba0856131182e0fb95325a068375362e419a29b9e850d3002e95f0bf1cd3dcab216e57c53352475271b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
9b616df6a3206b5b6ed17ef4d3bbd987

SHA1
e4ab53960098470121ed4006bee120a07fd6974b

SHA256
27a04c1b3d8ea1a5148a9e705143ded0ac8ceb1f64e5834e88a59ba792c5f70f

SHA512
cd7ba24a34565e585a0735ad30491bc2fd65f17b07129ec3ffbe897c71af27e3081a5ef1188b2090fc76c51ac3c32b73d03dba3dc82e0addc2ac1f05216a4c53

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
c5a13e3835c2b0a8c48f88f55d67a1b9

SHA1
65919dfb2a9df00e756e321509de4013d717acbf

SHA256
486d77dd6aab12a4cf6f978147704d3601eddb2e53bb7b4e26d992a194541096

SHA512
51e54eba27ebd398d03e4d8a23f3d14c81085f334e2b345495da9191679f255758dfdb25f221696a69258f1728dbc8a5507f3b5d6ac61560f0e06b98b85bd69c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
b47170843d655684229de3f4588efa44

SHA1
e82867490ab719a306794aa77b2b1130fe4eb1b4

SHA256
13c0f3dac6db74fdccc2e064937f8ee47025bbf215358840072a185764a4142d

SHA512
4aaea46ee7167da255da7609e04a5be9a78abdde500fd815961b0102544c699c0059f409235e1e250c2b235c69e789decbbf9d25638e8ea6c6fcadddc225d4b5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4c790f4d34914c4203d4ffd99b5f1163

SHA1
f992880be0eb9450f788f4153af8673b25aa3762

SHA256
717faee43176813c27ac8ea5ae7fffd34b6e740c13d0c7c509e866a6012921ff

SHA512
d3bffb6658a937347de25c822cb4a52830e28b974e01222299e12b231bdc4b5aa099586cb8975f602f88d137c81b321e3f310568c654d335724f4ffba25877b9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
49e596ad3e09731e35ad184cfd82a1ab

SHA1
bb2c467ca85a50efd1b2beb289bc93ed9b9d2200

SHA256
69ca5ba42bf43506f8de35b18062e3e3e7701dde02be99774fcc81cde398dedd

SHA512
966261967763ee9ca426d1a4551b29b905a4d180224b8721e2397c7dbaccc51efcd20c19c93d13f44ea33b2aaaafaf58831f8a88229d3ee905112db1417445aa

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
f4231d1a43f94937f8a30c23ba55e834

SHA1
dff0af421cfd29e0da005679360215088a8a7bf0

SHA256
1a798774d7a5f24aed8debdc421f8b4705677f5e6e2043bfc457e50899ac1f95

SHA512
39b0a42dab028f78268002179f3e925a0708c731caece4b30b8dfa4d4dd1391c66e598cd01f4ae01b0a60561cb638d8811d8461aadc837518332f20cb24724f7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
e01111552b148557be28d91bb86ca24c

SHA1
ba685f3d4a342d66521481039e4b959c17bdd3bd

SHA256
81a2db344334827b6ebb370e57b2e69f1cc36ec0dad49f1c58d38b0cc7183ae6

SHA512
3a7f2fce8fc0170d8e00af01f85f06571e98d64f0824617abf9a8769443395354e01e20e5bc2199974980d0ab4494d9b2cf48007bb79a034cf84af5bb9f0c8ad

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
cb82d374d508c3512f01a852ffb76e8d

SHA1
7b5c88d8171232bb5a25babbd9b5e7fd367728e8

SHA256
6807b94ed6720e734b5417243801f52181d59e7a6c406129c0f093422d836491

SHA512
f406913fe0eab983037a91d14a0072ebc0cc196776db7b1a7b6de9a2478445c2384396c1d827ae8e2c415060b78ef894427fb5b9466baa693bf237ddf39cbe8e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ab5469067aa2b83404352b3defd77546

SHA1
701b3592491eea980444719c4f894d8d4baafdc0

SHA256
43d37acacb4f9c04050aca21674575f36870d9517b73cc0afe8a7c46457b5560

SHA512
3844c9d3307e9b004b3da5620e9df13034d5b8acc4483291c54feb0d222c0b92b8798701dc37e8f98622c6d233e9456139a3b49b10496dd95fc285b0a786761d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
c6fbdc7bfb4f4a03c98abfc65aa43f4a

SHA1
2f2b28c4b5d5f573d557de687a52cc10f0bf9a1d

SHA256
b957e78fd0ea415a6d27a36536fa72357f602a72e3f06d9ac2f1f5dd4ee1d31f

SHA512
05392a6b531e982bc1972ae5105461653dc8e9aa3d66c26adaab71cc50a9f20c3e0e97c184f1fe49af8f91a2632bd79ba47fd7cd33aae5d718da6fe4c195739f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
96162389a2ba05e06ca56fdcda1ecf86

SHA1
36524b16ead9067df6400b721ac8bfa6e8b2f9b7

SHA256
c366f9728ccbd6003a122a38a187d1ceb6339978a3cf8f0c54d569919755b51e

SHA512
246bf82dd1d6f2a1935d39982e9c2abec9b79dab460c16b01d8eef1a6c34d433b777919e71f69e3dfeec65fc8cc057a327bf9c327d1154c46b863fb6cba53db7

Download Submit
memory/772-307-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/772-752-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/772-843-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/772-300-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/772-246-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/772-335-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/1824-299-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/1824-306-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/1824-233-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/1824-14-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/1824-10-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/4144-296-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/4144-0-0x0000000000EB4000-0x0000000001FB6000-memory.dmp

Filesize
17.0MB

Download
memory/4144-1-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/4144-4-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/4144-228-0x0000000000EB4000-0x0000000001FB6000-memory.dmp

Filesize
17.0MB

Download
memory/4144-230-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/5108-305-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/5108-298-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/5108-42-0x0000000005AB0000-0x0000000005ACB000-memory.dmp

Filesize
108KB

Download
memory/5108-855-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/5108-12-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/5108-39-0x0000000005AB0000-0x0000000005ACB000-memory.dmp

Filesize
108KB

Download
memory/5108-231-0x0000000000EB0000-0x00000000024F2000-memory.dmp

Filesize
22.3MB

Download
memory/5108-43-0x0000000005AB0000-0x0000000005ACB000-memory.dmp

Filesize
108KB

Download