fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca

Analysis

max time kernel
96s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-01-2025 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.3MB
MD5

0a269c555e15783351e02629502bf141
SHA1

8fefa361e9b5bce4af0090093f51bcd02892b25d
SHA256

fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca
SHA512

b1784109f01d004f2f618e91695fc4ab9e64989cdedc39941cb1a4e7fed9032e096190269f3baefa590cc98552af5824d0f447a03213e4ae07cf55214758725a
SSDEEP

98304:Uc9HTcGO0ImBimas54Ub5ixTStxZi/l9K0+zLVasSe4JnzMpm+Gq:UcpYGO0IOqs57bUwxG9CVaskJIYE

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133815527143855418"	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
2000	AnyDesk.exe
2000	AnyDesk.exe
2000	AnyDesk.exe
2000	AnyDesk.exe
2000	AnyDesk.exe
2000	AnyDesk.exe
2000	AnyDesk.exe
2000	AnyDesk.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
2000	AnyDesk.exe
2000	AnyDesk.exe
3212	chrome.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
2000	AnyDesk.exe
2000	AnyDesk.exe
2000	AnyDesk.exe
2000	AnyDesk.exe
2000	AnyDesk.exe
2000	AnyDesk.exe
2000	AnyDesk.exe
2000	AnyDesk.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
2000	AnyDesk.exe
2000	AnyDesk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 364 wrote to memory of 3992	364	AnyDesk.exe	86
PID 364 wrote to memory of 3992	364	AnyDesk.exe	86
PID 364 wrote to memory of 3992	364	AnyDesk.exe	86
PID 364 wrote to memory of 2000	364	AnyDesk.exe	87
PID 364 wrote to memory of 2000	364	AnyDesk.exe	87
PID 364 wrote to memory of 2000	364	AnyDesk.exe	87
PID 3212 wrote to memory of 4716	3212	chrome.exe	108
PID 3212 wrote to memory of 4716	3212	chrome.exe	108
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 4940	3212	chrome.exe	109
PID 3212 wrote to memory of 1408	3212	chrome.exe	110
PID 3212 wrote to memory of 1408	3212	chrome.exe	110
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111
PID 3212 wrote to memory of 1376	3212	chrome.exe	111

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:364
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3992
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcb709cc40,0x7ffcb709cc4c,0x7ffcb709cc58
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,13451139272995708783,5101358460274674943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1964,i,13451139272995708783,5101358460274674943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2028 /prefetch:3
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,13451139272995708783,5101358460274674943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,13451139272995708783,5101358460274674943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3388,i,13451139272995708783,5101358460274674943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4572,i,13451139272995708783,5101358460274674943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4724,i,13451139272995708783,5101358460274674943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4972,i,13451139272995708783,5101358460274674943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4968,i,13451139272995708783,5101358460274674943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3332,i,13451139272995708783,5101358460274674943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3348,i,13451139272995708783,5101358460274674943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4488

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4032

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
eb24ec844fa600afa62e4b450e36cf04

SHA1
247ff6fb87d0f7a94f1fbf8a9c54380508a837ec

SHA256
ce22db21476023189186b40f643cdd4f24477d0da9ad8bfc3a109803313299ea

SHA512
9e5413d6d08c44b28f2db801a9d8f1c07eedbf6cdfd6c4f4093ab51659e54fea0e3a27e0aa6c3734401c3c6ea263d3e251abceeaa7020cf294d038520b68eddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7517585d8b851c04144cc42dbefc66ea

SHA1
e4128e488b8e65c686dd2c3c3588fec0ba043ffe

SHA256
1b57921274463f059a76cad38ef0288ab57e91d378012e53a1b4e656d526b812

SHA512
16da0fd9641c9cc7d5ab678c9c70708617e97863401407f1fe06f4ee57202a101663d4b0e690e1db83081b4fe3db24b7a5a59ae37d3851e49e39b9de61b475fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d0c4c015c4c0e7c3ad55b353b019410

SHA1
566b95416fb1b7da9396ce3f25ebb4ec2f8ddf95

SHA256
1c9b76b92626508c3188023647be22b20fb3da752cfb2c18ed75dff590f393fd

SHA512
e8e5771a531fe6f597622599774e071c48cb8ec722ab8156a8ebcf930f06b3776664bd7c5b128b750a5939bec947eca20ef367c987d602704797641a123eebae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2cdc191183069876ba8e2f0036c2d14c

SHA1
661625607af1d0c496b79f68ecabd8f3a9071922

SHA256
8765f2bb320756e44d45141e73993c7d62ae14366d22811198cc7207be7c9398

SHA512
e16ac35dc5ec701b7c32e823065075ed26cd14321291b5b02937ea73e33d06002cfef9f141e9d96680591d83c6a2a44c6d04c228ae90535d8638f95fec6f84ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd410fd0be03c8d834048f4c92a28a27

SHA1
643909442211f2d4a5f7bc684d4aac7ed9da356f

SHA256
45a1f3ab92cf13a1382dae5b434adbe3a4a66ad22f6e35d69df2e81caef7ca97

SHA512
b567a45d9142d7ba797607454852806b8ff6ab186dc09ed196d9e16b82de99423245fbacae9cce371a257a81dc516b3dcd263aa437a7698a74f899b04ee90521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
c18e143bd2efd1e100c24f4f050c6111

SHA1
2553e96092f7346d083ae6082d580e73c37c9396

SHA256
1f06e8e38b8bbe820084e848981d733f003ba5d2d79e8195c7330df02d5f2a05

SHA512
0c5f4e830ae4c29346ec3502ae6a3a80c722a59584b79466d96d2ddb149182a0035a938308d68969ae18f247f5e328492f93bd1e1e6284110970f3b6f96d3f58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a6cffc835ca9caac3809087558b38a2f

SHA1
3cb331df7a5f27f2ee37c01900b2ce2dda158c3d

SHA256
6ef5a630b8568da7690e3f376afbe1d54b8dc17f0aafecdf098fdb4f07b87d68

SHA512
c4684969b0209471d9ec3e2da043f637326643e219bf2d2fb4f95a61250c409b8d8637a834c1e545a9ecd0cf329050805b1e40b45eccdfce5b02340580e14534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
82802cdf13bfb1b8230fdde0168b3fa9

SHA1
c4b5233d182d92e37f2584993085faa3ef435b12

SHA256
7232981907cd406f5f6e05eff0898c2570f21970a91939fe7b3878cca40a5d19

SHA512
3ed379e7203faf6e441d1068e94b0c5e223f3d9495fdab98186dd3f1eeeffd458a139435d137a2b094b3faf8ec5e8512f3a03e0b3110d498b78bf8c813c7f8fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
723ace2a9720aa2603ca88c8ccaa5d5d

SHA1
09d31798054e9a6322d5ab0a89a5b17c4dea6dfe

SHA256
868003d3e91ae4d9b7f58eff304c58eeb7cbfe552b597fd58371e5a432bdf35a

SHA512
bba9fcc2016045f895ea67535978c86a5db61dbb485014b10a7beeedd8b9ebe08f32ad6093364b7501fb4f158397a8dc497c1a1f9e95745047ba26d8687957e3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
4KB

MD5
8a6a88600b93352816e70de997871bb8

SHA1
8860fc962f3f2c08b28b18fc4c186c3bc0d59b33

SHA256
0cbefe28097bede7049ee79fa58f8d4badb42bd4ce9085a8b2a6c89cbe31ff29

SHA512
22b0717c89a7e80168dad413a019232b0b9f653bb94cbda711f4105081826cb3631d42d8348e1105a7c5179942bf13f4239fe87498ca17c7fcc9030b7e858e4e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
1a2953d109bd3e26d13484e221c82df2

SHA1
0daed2e1869b6e1cd9447bdf2e906717c3a04c02

SHA256
9ebc78df4b1fa975a892827c8ebf272353dae3cae24559d2315e1313d5821082

SHA512
b678ec595b3e9f1e0992da247b2b5740c96d909615414c4294ed6c4937ea08c3011c92c96bf77dd2f65e5554116dfcf26bbdb784254d6c6d345b49d8d8837899

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
a1549666965c5f3366d02ce74002b080

SHA1
f258e10040c3fe16a559f99dd12da78349613ac5

SHA256
c64c4b549bb9d5c087b77e252502a885c70c9bf594bd076d988b75c46ed60d66

SHA512
34d1d6e8518a0f918e21340d1b4a68b18daf8c749e2863285a6ffaa3a73114a9967c41fa9a746a60fe638630dbc679b2bf6fab3134a25f40c14f14f6453ccb4d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
8b614bc0cd38d5d893e03d3c1308ac14

SHA1
eed176020ed5e177b06110089b6a340326de708b

SHA256
2fda92daa73850d59fbd7675445cd3e13c666da4d7ceb4a81b5b2c0516601496

SHA512
9cce8fb84ee0d2530eb151a37b8faad18c7411d5f9208e7fc95be658a2d9496df7a3b89a6374b60c9405ffea525bd9bfaa21fc348cccbf4a93b24806acfb33d0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
2d630eef69131725ab32e9a4ec7e55eb

SHA1
e8847880bd3fb89a2ed77d6791fe0337c8c1608e

SHA256
5f5207a72539897657e8b0c3e30fbcae89b71b4b11647b423a1d1fa68cbf2a64

SHA512
8bc20e07a74fd2245fe4c749c5fc748d96e78d365e4cb5ac0f29c4cbc6371ac36d430fc5ef010204a4e8bd43f7f3215bde9bda75dbb6b3c23de44ba5f2679397

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6d99a5bde783f1c0d1796231410acbc2

SHA1
5f896e41731fc94978575665f84591763408c151

SHA256
df4a0a6572001ce18f6cf14dfb6c62225606371473a6a2f8f9fcdcb8ed6240a1

SHA512
540e0386328a303650489a68c9570a817ce5bc0634a15c0c31e5a518d7e3941b59a53b9aade89391a3bbbc11368acb5bd89fc1ac31edc8d479c6de736441b4f9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
91479d75c069441fdb504233afc31134

SHA1
9a2583a896bf8cd49a4843dfc6a403bf525819f4

SHA256
c167762147cbb87a2d3f87046aff63c78ceb10f50d7f3ec5987b7f79745052b4

SHA512
e9db12207240638b7e4a9aabc43810c6018c019f74b58fc1cef086758ad5473bb00bf078cc9838a0812d45f639e02b391aff37e4d65366ddd4b93ea02768516a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
598b2a22a7b0c81685bdd1425e34d809

SHA1
4badbd75e1471e24375af5d4f77ec5391bdd4ef6

SHA256
9c82e09b14a59b3c58486f8918c5f79679b3fd1046220165a5c6b96f417bfc5b

SHA512
5d2a41fffec7764f9bc85c7ef6a91cb1994372f9832fa2ad2a8b816caeecb90458c5ce9ac562f07385d7c5749165cc281026025905bb6d3edcdf6fef0a020ebf

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ee48dd20bd8016bccce1fa950836aea0

SHA1
003097562625a3f0b83e2a1aaef0f9b9132a5de8

SHA256
c8b4c1dbca88501293520c1a274308ee2aa02d12be68321174095d1881a23335

SHA512
55a91aa14e4a7de46393790d6ff1edf24aef7dc415effeb6a78a5503040459e47f56c574454bada5e7f82bb3d4075cba5191fc1fa803743c3d138d9e77081a93

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
d8d808fcb8a5b9912c3e0945dcad907d

SHA1
24febcb090a118b624148c3f6847bf7016ee25a7

SHA256
3c549afce11865d4f4f1c733b0a53b6e977d925f46c8d6b7f9a6f00b8d569ed4

SHA512
a210c3864f1541567e5b7c23de3b7cc2602ae5cb42096d0eb7bd502ddf84eaf8473c0fa758993cec99b86c84ebe58ac70138751205a7c2dd30306caad61b07ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
62a157b03a4d5ce7c2b10257f195ddbf

SHA1
4a92ec1de1ecafad0765b29deef98348b2122a72

SHA256
4845ef15324b976c581da43ec117cd671570601c7538287a157ffabd0231b60e

SHA512
d782396a4cc0c571c1a03615878c9dbeaab02513561f66b87ecb7c19affa6d54bf6ed1131b02cb3a46f654a016ccf669cc4523b61ecf8b43dafd17732bf7a99a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5d8000f67b06c8a7e8079f7b03c4d940

SHA1
7ca47744592de7806614610f5cd21b981fefe5a3

SHA256
562c38b6cfcf553588c5c096de19aa34b8af07019a3ad221f21bb4b7fbf9effc

SHA512
523aea7847eb33ac88235a95144fcc1025076b901482146aa1f2b5d3f4d7b55f1a1a1dfa4495c77c10981604e44c6408bd89f72a296f1ab884b206f6a93b824b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
7b512638920f25b381ad6809924da70e

SHA1
325b73466446548461f1420f33e5b231b1958a4c

SHA256
2f313743d593ff149e9cf9a605c419822755d97f15304a9cc5b77e65049b77fe

SHA512
d7a3cafee9d4172c421dbc45597685e610c29c1357fddf65d2eff948e4f96fb805aa35bddf7808a2de31af6da1ae26d0f7945970c44d1dd1f0361910ddf467c4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4c0dd6e1d611af3e6a5a10cf33461db7

SHA1
65e0baf97af690b59fb64efe70f5fd9bae429977

SHA256
0a8e84d9b18a74a2a855d0046f7155173f44dae05aa0330c63b0713b79a2d7c9

SHA512
c3eb18dfa711154bbf484d3a28130f723b43ddae1cf9a975a3357dcbe3cd6c1ba62e51ff99875bba0d81c54532686a73692eda248bee22e7348bb17c554afcaf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
8eb631d5639d3e299f57af09dc87c33e

SHA1
a8c737d9f4b90f8956ac6351b88bb37cbece83cd

SHA256
3ea03c60a02fcc063f4d0462e4939bfe35157c9deae432e8153b99369487590d

SHA512
ec09075cb76654e9cfb3a80261f8220243b3a68dce929019edc4f4f1235b86b3183b2e291a6e3f2f612c7281716c9e748d69b5934985aab7f91a495170d0f132

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
bde3b5cd4a8f264cf0327291910bc1cd

SHA1
599a4630a53865feecbe4411aab4b1bc69cfa114

SHA256
18927b72f0c3627e28ab746f7489a80ec7faebe3ae5ec584d47eb140d4481060

SHA512
41232248cb5e547be1e1dd892cad3b0e9b64e24faf14dd6abb6179ce0d8c1b258185e2a4a4eef39d599889e931eac22e26e40cb77b0ceda115ddb202e2eed99c

Download Submit
memory/364-233-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/364-112-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/364-197-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/364-154-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/364-107-0x0000000000634000-0x0000000001736000-memory.dmp

Filesize
17.0MB

Download
memory/364-234-0x0000000000634000-0x0000000001736000-memory.dmp

Filesize
17.0MB

Download
memory/364-1-0x0000000000634000-0x0000000001736000-memory.dmp

Filesize
17.0MB

Download
memory/364-7-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/364-102-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/364-2-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/2000-111-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/2000-12-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/2000-311-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/3992-110-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/3992-310-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/3992-237-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/3992-43-0x00000000052F0000-0x000000000530B000-memory.dmp

Filesize
108KB

Download
memory/3992-39-0x00000000052F0000-0x000000000530B000-memory.dmp

Filesize
108KB

Download
memory/3992-42-0x00000000052F0000-0x000000000530B000-memory.dmp

Filesize
108KB

Download
memory/3992-16-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/3992-175-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/3992-10-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/3992-158-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download
memory/3992-155-0x0000000000630000-0x0000000001C72000-memory.dmp

Filesize
22.3MB

Download