d3b606e08c524995b585d6649183387068ee1dda60dc7e11c950966a7e73f234

Analysis

max time kernel
816s
max time network
443s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
05-02-2025 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

3.0MB
MD5

c8eeac24eca23bd1df10b02d5430432d
SHA1

39194c57c0488eca2ca7600d03783f6df4957688
SHA256

d3b606e08c524995b585d6649183387068ee1dda60dc7e11c950966a7e73f234
SHA512

e67f30c7bdac4b57cdad769b332b586a25c8d95fd0361a90986fad1e5ee2746b4a67c6a74defadf92a2499f6b5fb7b7a26057a5148ad270e45bacd366419f94f
SSDEEP

49152:PjHajM8yMboA7HSP/LRVTRoxy4cUARNLBQfnysp8OQmY7jRvTepmgChCkjIvaW:P0ByMPGP/LRVTmM4qNLB4kjRbWChCkOR

Score

9^/10

defense_evasion discovery persistence themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	test.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	test.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	test.exe

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/1192-975-0x0000000140000000-0x0000000140EE3000-memory.dmp	themida

Downloads MZ/PE file 1 IoCs

flow	pid	Process
144	3252	chrome.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
50	discord.com
51	discord.com
213	discord.com
214	discord.com
215	discord.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4832 set thread context of 1192	4832	dllhost.exe	131

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Executes dropped EXE 2 IoCs

pid	Process
3736	test.exe
3280	WinRAR.exe

Modifies system executable filetype association 2 TTPs 8 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	WinRAR.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	test.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133832445949335457"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	WinRAR.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon\ = "C:\\Users\\Admin\\Downloads\\WinRAR.exe,0"	WinRAR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon	WinRAR.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000200000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	WinRAR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	WinRAR.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open	WinRAR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command\ = "\"C:\\Users\\Admin\\Downloads\\WinRAR.exe\" \"%1\""	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command\ = "\"C:\\Users\\Admin\\Downloads\\WinRAR.exe\" \"%1\""	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev\ = "WinRAR.REV"	WinRAR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open	WinRAR.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-590766166-4003350121-2036565200-1000\{36232B14-1387-4D3E-8174-4553FD2628DD}	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2492	AnyDesk.exe
2492	AnyDesk.exe
5052	chrome.exe
5052	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2320	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: 33	64	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	64	AUDIODG.EXE
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4392	AnyDesk.exe
4392	AnyDesk.exe
4392	AnyDesk.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
4392	AnyDesk.exe
4392	AnyDesk.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
2320	7zFM.exe
4464	7zG.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4392	AnyDesk.exe
4392	AnyDesk.exe
4392	AnyDesk.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
4392	AnyDesk.exe
4392	AnyDesk.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2924	chrome.exe
3736	test.exe
4904	firefox.exe
5520	chrome.exe
3280	WinRAR.exe
3280	WinRAR.exe
1348	chrome.exe
1348	chrome.exe
1348	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 2492	1744	AnyDesk.exe	84
PID 1744 wrote to memory of 2492	1744	AnyDesk.exe	84
PID 1744 wrote to memory of 2492	1744	AnyDesk.exe	84
PID 1744 wrote to memory of 4392	1744	AnyDesk.exe	85
PID 1744 wrote to memory of 4392	1744	AnyDesk.exe	85
PID 1744 wrote to memory of 4392	1744	AnyDesk.exe	85
PID 5052 wrote to memory of 3500	5052	chrome.exe	90
PID 5052 wrote to memory of 3500	5052	chrome.exe	90
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3060	5052	chrome.exe	91
PID 5052 wrote to memory of 3252	5052	chrome.exe	92
PID 5052 wrote to memory of 3252	5052	chrome.exe	92
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93
PID 5052 wrote to memory of 1264	5052	chrome.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2492
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffbce4ccc40,0x7ffbce4ccc4c,0x7ffbce4ccc58
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1940,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=1792 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4892,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4700,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3436,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5800,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5704,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3528,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3508,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5300,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5564,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3496,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3148,i,2525682447450396144,4156947777151584733,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=1128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:440

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4640

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x304
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:64

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4296

C:\Users\Admin\Downloads\test.exe
"C:\Users\Admin\Downloads\test.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:3736
- C:\Windows\System32\dllhost.exe
  "C:\Windows\System32\dllhost.exe"
  2⤵
  - Suspicious use of SetThreadContext
  PID:4832
- - C:\Windows\System32\dllhost.exe
    "C:\Windows\System32\dllhost.exe"
    3⤵
    PID:1192

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\test.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2320

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap9439:70:7zEvent23399 -ad -saa -- "C:\Users\Admin\Downloads\test"
1⤵
- Suspicious use of FindShellTrayWindow
PID:4464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3140
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 27199 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bab0df2c-f4cb-4da2-b12e-de3a00a0a860} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" gpu
    3⤵
    PID:764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2356 -parentBuildID 20240401114208 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 27077 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c914ee4-079d-4190-85af-19162db7d6e7} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" socket
    3⤵
    - Checks processor information in registry
    PID:3392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3048 -childID 1 -isForBrowser -prefsHandle 3060 -prefMapHandle 2988 -prefsLen 27218 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d65dce9-19cc-4d82-a938-f1adb15e90d1} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:2304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4064 -childID 2 -isForBrowser -prefsHandle 4056 -prefMapHandle 2952 -prefsLen 32451 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c52d7f7-0aab-4340-8434-a3c8b82a693c} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4768 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4784 -prefMapHandle 4764 -prefsLen 32451 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c2bb0d6-e184-4c48-a7a3-2c7c68ff1d83} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" utility
    3⤵
    - Checks processor information in registry
    PID:5496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -childID 3 -isForBrowser -prefsHandle 5260 -prefMapHandle 5272 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fac6bc0f-5ebd-4f0d-a797-29690a0fabfc} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 4 -isForBrowser -prefsHandle 5444 -prefMapHandle 5452 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c93850ef-49b8-4723-a399-fd765bc7438c} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5652 -childID 5 -isForBrowser -prefsHandle 5412 -prefMapHandle 5416 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7a8ab4c-247e-47b9-9971-0b996c326f7c} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6220 -childID 6 -isForBrowser -prefsHandle 6216 -prefMapHandle 6212 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cd7b752-dafe-4f83-b1d7-aabb52caed35} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:3516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6360 -parentBuildID 20240401114208 -prefsHandle 6428 -prefMapHandle 6424 -prefsLen 32777 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9de89425-3a0b-46e3-860d-c47b105d89b9} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" rdd
    3⤵
    PID:5248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6352 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6440 -prefMapHandle 6436 -prefsLen 32777 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {560ee21f-1a08-4b20-8000-dad0e0b64e89} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" utility
    3⤵
    - Checks processor information in registry
    PID:5256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffbce4ccc40,0x7ffbce4ccc4c,0x7ffbce4ccc58
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2052,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1952,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3680,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4384,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4472,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4524,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=4556 /prefetch:8
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4992,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4356,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4944,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5060,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5628,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5640,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5012,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3272,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:5340
- C:\Users\Admin\Downloads\WinRAR.exe
  "C:\Users\Admin\Downloads\WinRAR.exe"
  2⤵
  - Executes dropped EXE
  - Modifies system executable filetype association
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5000,i,5548631097222603698,5379490299075226614,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1348

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5300

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
3e3875899c5a3b04c59b41602307872c

SHA1
d120b309be72d955f2e537de48d900210feb7fff

SHA256
a9aa8a6dc1feda565b0dd78d2873f4ba5864d05451b1e6ad023aa5c40fed6a0a

SHA512
d176b94015bed998c48cc15ac30c6ea42771da5759edfd14b9fef3f417b55f7c5cc41ca6b8d309a8de65050d6978840fc931bf828d614b91373784f1d9c9d0e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5c85edf1be926a64953382b93a806009

SHA1
720af40f4d6b4a0650467a14507130da9e9da56a

SHA256
23108d6bdfa1db1a1e9248044da80a3c8ac18a0346a3699428c1a59297f761c7

SHA512
50bb8e2a2471f1051aca7a1544274c4fb84804e7a93814bf3aaca41e54550c992a4ac344c8e3530d402abbd64e00b7b46cc2facfa39da5c7d302c5149905c4e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
6df12d7a4da823133f9c15884225d271

SHA1
95315cc357f0ce69a7c97908de828708e8c2609e

SHA256
0557fde395bb33b7f3ade13be2ee15036f6698a355e777e6dc73a23273cbd149

SHA512
d2108e90497be51321b4a7ac42a3f983066b1402aef00f4011b8d3a7189be4e012a0402787c4e66b3b9f543e6ff14b287841dafe9bd6ee166efd98574774686f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
6d5725d065cb47b94ad659fd2e68184e

SHA1
3f4f662b5200aa35e05e016ebea10efb06997e7d

SHA256
64497e61abcc00cb85fb10a23d5d86c47902dacc015c90a249c19e9eb56ed3ac

SHA512
e4bc4a01081c35942554ad185d3dd264f922a392e1c7a5ab7ab118e13550cff8d4c127e44d5ca0530e3b30f69194189bebbc237f617e8e4ac90a49601f71a454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
2.0MB

MD5
31247ee93efe27ca953b307a9cf5eb32

SHA1
45383a8568b3a12a80500cc7b874fae09d5c7323

SHA256
197fe6bf9a91b4f97175f2f65df21136e24a4ac34f5c12100c97aeff72fd0e72

SHA512
e424b85cadec4f32efc6a43a03ed56c1d79ffffb4ed4f8eee4fa8d0a3efb9ddd5af627a1fae2eb8e0fa3f8295cd4701fdc51fb87fc7cac840ab608dd7f501c55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
900bcc0e68180d9bf8d4bf4287168e0b

SHA1
6345a5d44708136f7a1cfc212423df9af659749e

SHA256
2c3738db165f7ae0228fd70d4cfa9520bf97b0da20043fff310c288c89465962

SHA512
e5b71e30e4e672d81c152acc46f73e25f1be26b7290995efdcc7e6100acc3521faee44873e3e952a64eb3d5539ce351067016b887d362501ae4890236ab16a43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
17KB

MD5
e308ed7a5280b1413b936f0043a8db1d

SHA1
d13e3814526881dd9be55b0e2b31655db31d3316

SHA256
ebdc84f150929602daa3f3795d98418389eb9ffc880b04ff8885d858509cf05f

SHA512
4a5e78d73a5ad0bd1754a4fe2fde70640ae33321981a034f4dd089bb57a4d7e88a26a75bb3ab03ecdfcf64019888c9ea15f6323bae8066338a754be9c4f281c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
53KB

MD5
b9187e5bbd95a4931a2561e837291999

SHA1
0a49dc77e674b959f7a1d3175ac75a9a22ee7df0

SHA256
4c97f20b8ed99a4904a9d886bd3b6f182dc67b70c605e61d3a54efd0b40eef3f

SHA512
28762c854956da4436f0d02891164573f22a30f5aabff4837f10a40ba1c1764944cc74f895d6720906763535da8faaf71d9f5a73b36ff364a720592c7558aa30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
23KB

MD5
90a30520cba1ab0af6e6704bf7872e9e

SHA1
3c022801d59c4b3b188cb922c875794257625d1a

SHA256
72dd217d43723e5dbbca692018d0b7fb1e632cf7ec465f6d024fa1761d89c9bf

SHA512
1d7ff27c0325937bc50e0c3e770337cd44a44a005f37162eef06d841c30d8640d1cf4d7b4ec508d5f761a0abc8094f82d2b3758d640acf5cd6051a583b044e87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
46KB

MD5
f6e99fdf009c8c9aaa1e3ea2fba63a06

SHA1
ce7a76ea013f623b880646ecdbd6c919ae5fe93d

SHA256
222cd2dbddff682f5a25d4df684b471c201ab8f7e2804311e0482415104a688d

SHA512
8d29cd0c89af9b77ff577b95b2a603949e355eb77982a4f296aa886dde6bd750f5c7b9adfc20e261ae61055214ab53ac855c0307769b7e8e7e6871238f162973

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
291KB

MD5
20789b6d98796747f94a241f7b29b7cf

SHA1
fb84e0b390b9bcae946a6e6a8f63d7999a7ddcfb

SHA256
ffd27f3089dd146207665ce547692315da34e9bb5b78c26d8cfb662883361350

SHA512
9445f05abe8450069085aab6d76502af7a72f03ed242b832af13329a1254bd9981de54b26817d23fa54632299271500070ef0ec0aaaae6fb8f211c6b1e4f5978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
29KB

MD5
0463b414a1c2b8755fc4525fc5a7c841

SHA1
86fbe2256bf7312f410099eefa3f7e8baf87b59f

SHA256
16f362ea962e65b135ca4755d847ecea52374155066f078fe6ed3e589da63bdf

SHA512
78d1173eaad979506d3966a03c6bdff52b0d494c62722a793728559cc0ae5ffc4aadfaeebd974f5e4826812601c7170ab6d4f8b7a2779b9a55a7d295ef70adfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
58KB

MD5
088f3f4e13d04ce0f336c4d3263ce01c

SHA1
f6b583acd3d5208e006703f115e1d8a05e5a011f

SHA256
e5c80d093ecad9c0fa404cde0fdadccbdf566c777b5330af55a01b390e119763

SHA512
be76dfe50394f16b482f6736bd76c7e215f1278f8b519844265b8c23d6d63ec524c52e3c3f9c0dc8d0598320d484dbeccadd5fea0693ad91921696c2f04669ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
305KB

MD5
e3f93a2b53a1b29afc4b8308c711ff94

SHA1
753d8d2917baabea583d9c342bb590b5cbf0a0e9

SHA256
15ca673d154aed5686882a5916c705c54d78a263fe6093b9e2ed36d8ff61233e

SHA512
8ccb7a97ebac0f9242681423bd655884a7956370d56a62dddceab0ca72aab3c03d03b1dc48dc3d39ebd624242080bcb5b4736d5e48299343c212cb9f683a9514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
126KB

MD5
24a37d55daf5006c2fab6b76ae68f355

SHA1
dbe27f2bc7843496b892f8138b2abb6cd996a012

SHA256
12b7132b113c4d1acfeb648efda4e1ebedc4bbe63d61b87ba54e59f9b7169748

SHA512
4c70ba7a00aa78024fd5dc3d0e74c4acdfcc01edb7475b835acec4972a4755492a9a5081c02865ef930f9481e5168edffb2ae9d86990986cac40783d6b581564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
28KB

MD5
8aa64b92fd5a550d242d3a9623a54bbb

SHA1
90dbc209c28f1613cf52b26607053c6565a2ec16

SHA256
8bba840859e428e8d3594944481a016b91e291d8603b7bdef96cfd0d2f655d30

SHA512
8b18bc9776c9b711d35ee17f6028df9a15b380fac5359e6c77e8691404d4e3a8cea9cbfbfdc0cd639fd7339a33321539b44abd218246f4138d54692480c002fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
16KB

MD5
9a61d0fea04c86a6cb7609579938b36b

SHA1
2a2fe758644197f62c368b86aa7e90154cd87f43

SHA256
f64aa535c07e27df3d5d821625947e0db082707d28734ab03a71a4b23ce776ce

SHA512
b8741ae5420ec41f4ca30f44f24cd5af05e19edc50737f0548cfb848820be9bcd3af86ed61839dc652773fa4bd8eb8fc403e74f92e7524c0bf233f6ce579ab9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
28KB

MD5
b20f0e23716fbde0dde0b0067dc7a3b3

SHA1
a025e36c9ac03237ba908642ac896135fe5f6a32

SHA256
dfe12b7b047023788c2663bd9a46fefbefc7d82eb4840fb2e2e8ba0ebd59adb1

SHA512
236ca9475b142acf7bbbc8af2906e198026e0af1be53b902341a78f376a201e0d8b0ab2161b27175f50636c0b722d5dc04188dc55cd807ac0aa084cf6671c533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
145KB

MD5
2dc8eec5f1054e84a532660ed2780265

SHA1
9703285cbe98093baa661687f97754000a0af8ee

SHA256
4f5d89e46e4848e495148e99deae088d3b90ecc677462ae3d1941bff93259b2b

SHA512
ff5a48e96c430703fde7030d66385d41c7aa85dc3112dd241ce6edb230b8455071e31bcceaea0d6c676d41d69dc58931402621a528e3930e5463578562beee52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
32KB

MD5
890a9ab504c3657183ff118b1aff212b

SHA1
127609df5d04fc779da4a9e90d8d09bdbb390149

SHA256
d472a71a0f92855881ce2c2334df77a333461f6936f1f0388f952fedb056fb3e

SHA512
a662c708882ac3d5a7bfa64f16becf750ffadc333784a72350c71513cf2261a8cf63b67da989bb5c1fa78589d570eadf45a9d9590286e764520fdc3144e6349e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
24e2fa0283af1a824ccfb5c345e1748e

SHA1
e721136a8a6e0910d9f23736c0b1cda66cd38cf5

SHA256
0f55a4989df7c23e1f5198622857ddf1a760f5e55c002c99df3ea1bdd0d5c0af

SHA512
5a048c36d9ac32c3c9142d40c02c0bf21ac80420f5d7053ff5014c3d2a548dce6095deb4b59ece4a17b9b09388ef9a33bbd780c1e49de920cd7b4e2cc79c5ba2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
02c7966bcc4c2591e8f5b364cea8011a

SHA1
abeefe46caf5f95226aeab1d8e89554e3bd1e6e4

SHA256
9a252d7de1b6407ecc11d2ac09e6d60655ad51ef837b55d11a3ed1e23b0b67e0

SHA512
97d6b205726b63593dd47fe8280943da0e64df45e0591e3ae5a551f2a959c66b06a605abc0e45effa6ca9d7ff52da5a93988fd33591d4d49a2d3be093ef76f0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c4c4aa503fb780154f3f8173ce266885

SHA1
bba906f4cd3ea8887404c2435bab036e8e0166e3

SHA256
bb8acfe92dfbcdb71c547b4546864c5d6814eefbf7e0d7a44d9bc4d5a4fa0f66

SHA512
89920d0e4b97fc7628c3388f2e1599a8ee697a327e32e8d6f62b0669cd0a50e52794b3a80e31812a12176bd2945b0b1db8ff43c2a38888d28e758e2e9af234f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3065af29c1cd999e794152d49bbfc7cc

SHA1
c82109e85dac17bc67bcc290b036c63567ad15ba

SHA256
b49236ce9a1a235fbf4b801a3cfbca91aaa0742fe453fb6885ad4b2330dcf368

SHA512
3f5fe8ff45a07e7f95f9c2e3e0d10df90e0deed17a188dc83c6d9415450b77762ed49caac42e2616279d4e4ea2e4513ccd2b89b6d8cfc790334620b20a0ef9ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
ba97d46676e7ff9cb01443e8ef977e6c

SHA1
3cd30ca5aa8b0751aaaf1f9c5860c2fe1c236c2a

SHA256
8df816c0db319c7bf276c8d5fc247a683a5601ca01e364312f6853fb6d7a6931

SHA512
83422547032f2a17cb5f652623129a2b671673033cecd48a51969e6e2205590623fca75ef9bbb1cd5eb46379df3dc21435eaefc9d0805dfd6a49e8653c26b88e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8e2840cd4a798e368189ee16881944e1

SHA1
09b7342248cdaeed91a6a84a26aa93891c7b7859

SHA256
ee61577e72f02cf38881abfc667130ad7775a322669b9b51c63003f70e765442

SHA512
c06177a4de3da41c2f68dd0f94a959c39ae4636ff2f5db1f5467dd5d984329f463a3bbbf64bf8140ed5c6cf8be206174c681cc2fb4bb9edd2cc3307be7cc26ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b1c76c7853b6d5aba99d572778f125a4

SHA1
2f16743810e7d7f9dd4d57028fa2c2741deccd23

SHA256
88895dec1b7504785e43e91dcdcd3cdfde657f23ad82ea4c368112b42e045e73

SHA512
164574abbe99bbddfd05f3e6e1fc23ef2fe64e6113c4be6e1b8a99c525fa5725a3e4975f627caa1c48ef9d681009b7ec5f376df0dbffcaa88ca9fc8dd3c375b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9d1dd465ad98f469a9430605e4e026cf

SHA1
7398aaa5b1c73c4294a0e48c9d3f44bf03b9e6e1

SHA256
fa9da7b42d72308019bf343ce02a241e8f425c2d29da75d1a86cfeee0e947dbe

SHA512
d45b7e0467dd1105725daff22585e1437358f1790820f0a61da462b36fb4f115b1cd1e8d0b995fd968d096aaf979069dfa7dfc36329080da23bc1c21c241ab22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
736258340e0a4d2a84d6f57e5f525bdc

SHA1
85df9753ac7e0b247f2314770bea73431e1a6236

SHA256
cf6b459df3bddd0e4f4ecd94fb8f2b13dcf681740d35289e5ba9061a08f3f8cb

SHA512
4e7e7d94552af3fa641ddf82d1e499aa130d5143e1c88a5e9ab62ac78b430ab92a38a684be7fc4efa7b7ebaf1702ceca9e13789ff465ca810620f8a4fdb2131f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
93b4a3de4d23c9ed345b3e51e34cbedf

SHA1
ff569364a2d056a914317f96b030ec59a7becf44

SHA256
01709acd3c524e43b6f4266061eb5bc6fbd6395a9927b20a0db18467dc0bbf9f

SHA512
35b99a4fd4ef4117fe3bb0b5bf85021e74568747830da2864d0b1b141255da70631f1eef4a9ec217d5c624ed9d3b927059be2e9ff7dd8c91415c11de26c8e1ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
21df8c5b5ea42037796ac38659eff83f

SHA1
9b03aa7851e2a4ec966739056b7005c15095cd2c

SHA256
3febe92b1f06637f8a3753cd37b157b73df1495ef4f25c549802720dab25fd49

SHA512
3ff8dd4098c51b06a65ae55b529406226501da56dec56f606e392b565c2f11eec4842b5fffdbc24ef786246bc75e3c245373126a2e6a63bae16bf28be88e588a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5a4a295aac13fb9ec41410504efa04fb

SHA1
ae4f1852bf3d80072122d901b694f052924dc7cc

SHA256
e56d644d18217b35ba0d30f315500ada1b6e25704ce566f24869121af3b8e295

SHA512
deae78941279bee0ed818e01b557cc8b0d73bd047f133b1fe38e16d4371918f21d948e9f848b6d60d10d9f50fb966478468f0b7775b1dc57e9984efab2eee5f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dd235fd37492c0567e35219ce6e4d7d4

SHA1
755d8ae53c5f779c8e968bdb1aec88212f792347

SHA256
824e41e03f110b4991685ed2878948c22019a10c12eebc668ed79b75b0c6f2fe

SHA512
a26557021d45d12eec9486b7bf1c2b28e6ae8adee1d6d675aa91752b8e9dcccb1557f7c753d9c807fa1b304b9f740df5921cba6bdeb9e34e32b69cc92b38e990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
021fbfc94869bd6843d69f6c733f1d41

SHA1
6b214ee245da370e1f27026b69256dbf349f1209

SHA256
a3f08d06561b8683d709341fee53a94357e96e4f31188c09c584c38962df36b6

SHA512
0ba8a77b44ba60b3e9c134204bae4ff2281cae3f6126caa2b03f60dda2b54175d9e6fd5b81eb01f3a831682e7e7008920765fec9ea8cdb2abdf028bd26c5b12b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7702c1703782a4579e4f37adc196cd97

SHA1
4358543aa7d0f53f770adac88b6b16b2140684c8

SHA256
a3eacbe94817935947122038940d7817fdef156380878122581ec971402f4d5f

SHA512
5ba44b59e9012dbec48d9efb08abca020682f0cbb0956fa1db4a4dd09416a41dd97fdac98e6b62d3e9e30d03f6e363e6af154345417a54af54f432177b40b91c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8dbd47388ee6d5558f3ac7632cebe1d5

SHA1
1597bdbbea79e93a43821ac83ccb715e96000abe

SHA256
5f19b7d2d09056ee45aa3844143e33df366a64d31a079391d4bb0e7abcfc33b0

SHA512
17bdb0444e3573411f950c7e2391066e5b8ce4c76893479db4107af7c5351ef6c6ec3a868aa73dafbef46014f6b5eeda8637a01f78112e0335741c6801a09013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ef9f0d61df4d9b5d1f6aa6c2600fbf52

SHA1
271c7b5826ebc17c6d6a449763cac5a6242a2393

SHA256
e7801ee6b76fe07ed18582f2d511d4733c636245ac9429a130a52103fc9dabd5

SHA512
c5a615c683b4a4639264c31e91bf3fa384092e2804688d2578644346c678223cdb3fbd92fa39c1ecebc3a42dd58230d299c385b98005193e5c52ee0b522f3617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
93722c537db6060ffebe0dcda03d9f78

SHA1
5260309e14c7d5f98c967a0a421fe038e317a7f9

SHA256
17f4b938ad6691ecbd4d603d74ad66f9b19b21b0f717954b006d1763ecaf5835

SHA512
f6e591c97e1c0eab1945b11a54d0426cca8365f9f9fca1a148e6dabe5521540b8af23fd6dce279fe799173a9744d9eed6549af2120c018133cbdd5dfaef4ef81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6a03cea29c7631bc515ea4d9233b02bb

SHA1
ac15b17214137221dcb3d8897d155be891d0c7c4

SHA256
4ef365942b5c97eda50adbd52bfbcf02283324e9d63635b0da640df7c1ecff52

SHA512
aaca11f32d8d0004aafaafefe2f8c15afc01aa6ae612eb5d0dff0f748dade97026c58ca2313577388781b3dee83ed7b37043a3142b6095753e9e62c9e891fed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4c03fc209757e4c9eb021d2b6aa0c949

SHA1
176790bf6d538692163b520093cf4f038a8e9ca6

SHA256
a16d00ff02cf7ddf56eb6a5d9506f239455ba008e8aec6cfb1908ff121cdada3

SHA512
818fddb2e2de287a30273b0c9a5e35965b89373999ca05984d1789ee5d5e79bb9dd18ebc4e47e90f56b98ad6b667cfc1eced97b2c87e2c9218e8b1750f58d403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1c55bc76cd17e0781ba379c05a65d528

SHA1
e11ed804321cba04796d6df6309e807ca5390d88

SHA256
96e399eb9bc716c3df10585eca80f7ec0033e8a071a7f3063ae0e126fc0df9b5

SHA512
e324d69a9bce2004fe6f1afd60fa0f453a3031d1c49a35e9486df9c699a8dc4828ee3b11dfd4d5dcf5c2197d577527b7ed9eb7b16bd97f41d2edf2adeaa52c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
bf51212b392ae2e579ca06b7fa019c30

SHA1
e22edf54897ace83cc25e2ca755f5a10731c1495

SHA256
94b6e79ae8721110d0e391eff145f8f5a6c8614c92fa9c4d1e7801dfed01b3db

SHA512
beef3928c3ed99577b8330a842963608c0dbbd7799150b5ca8284999730c4335836654b6f8c0f99617f6e4fb5ba3413ce1d6852c5bcde33fbb57ea7326c4df74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9f8aca16c9cfd3800d9a54f7286e0443

SHA1
8d55a54a4f6388784e2df2b24aa54b25cfd329bf

SHA256
1e881149162f3102f38eddabd15e501e29481ac11cbf316422132043880e7d27

SHA512
ac59f857468bc4b043482ec6eb1be1a765f1cbffa2308e19f36eb6eebf32eefbe55968d59afd1f847a4892678afb59ae94271e1cc58e0b47f925419a9cb24c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aaaf5d6c092842eb4f676457cdfcce1b

SHA1
7a3565ce0dc5a94af554b834563fb337613427fc

SHA256
8452f17f1833214337839c9c25c929231ddab5af1308a60350587438a4e2afb0

SHA512
1be88597284b8dfe657843bcade6721a84f966052a511ebf575f258d5a868992b656f6f2421b3aa17617cf28fa8bd4c6498194a7896e12e816e9825499a03dc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
46e44a1725b532073a89c1717c5f56b1

SHA1
ff283c570498941724874f19f75d51a9c8330fbd

SHA256
898c95c64dc0051ac6ec59fb538a8b5ee91ec5051b1de666879dd45fa8d71559

SHA512
0ea9f352ab504ef230328be4f2f4fbb693c654d288010884418f803e9430bde004dbb855b37e7dc4efa3d1a0958e24100a5fe2609432638afff57a6b2bf07666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df6a574e3fda178388ac2f69e4d10dea

SHA1
50b92f0d92b93dc987438e71e00b0fee82c6e403

SHA256
f397cfde06b3a8604138ed106d37ff43259a0adde0b5e81bed54e9690a75bd2c

SHA512
e3c153376023a4145a0a8a532f351eb202301be9055330a92839306e3760c12791827707546faabe0c1520e2b818aa0c6d0e7e5de1cee278988fcb83137925d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0569dbf3e0daf826894cf84d8a358a9f

SHA1
66170713ae7c155ade7c61dd51964580af1df07f

SHA256
7bf783e03986873ba8379574f1a845e0f7a349468e2f18b2828639b6b92793ce

SHA512
14af9e40c9f015259dc613cb4a50bd1c4181c5d8c00e5195ff9d5bcc7fd2fbed3c8e3ba0afd727ec0f1ace6b4c3d5323d7e142edd6b02137ef384e5d76c94945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
da9f7375226b41dd9390990a3bee6be6

SHA1
18f19434f53076e56a31e8cd9f4105f89c7e54b2

SHA256
c1523fe3e0fe82d1505cf30b0ecf146349b5052ca89d186707e21307112d68c5

SHA512
de3cb82498d2449cbd1844ebb4c468b1ed5dd985ec4ea2f11b003e8f38f5a9d0d380db9b2e3d57fa26c78ddf0495fdfed5bd2ac269589a91a0aa85de636a99e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3724a5a9e7947534901d660d9db4e689

SHA1
4e828dc2796c072632d53327aca25ca59007d490

SHA256
f1540ffbf9312288f64b26a81fa51fe12c8f93e296fa313d6b56a52e17461316

SHA512
ba33e42300536b379dd79c74866906f2a4646379066cf22c611642f657536e1355d3e58e4a70f2bbdc52b9e762b97e183c53d3038ee34d1ca5bb5fc9ba541b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
913567b967241794fb21e2840d36f3bd

SHA1
0956ba7c6edc770471f92c671e9e66902a4c99e2

SHA256
ac4056546257d61867841b8775ddd77474a49c39e0891f5e2f0349b8aa4ddda2

SHA512
3938d16cef0c104ef21caea72fefffbfb4ac6789ca19a1a5e0c36e3e99bc052e1edc2ad906c2d2e84ab4c6a35e3f2f6f8ddbc14f1a9e75e810f836aa2826a11c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f9e9daf76b4637df96d3f1f96af3aab

SHA1
518c9a1e7d94a627c402978337fbbb10883a82bb

SHA256
2c9c13df9fb69d8d1446617e3ddac6c9143bcefd1596413b48bacb05adef3d69

SHA512
7387c6d12999a0d299517abec1a5c83564edbe0efbaafe9d94fae5db6dd18432a77b66e0c20aa5263661967ff7f950ba88c1bbafec0fbcff77752452f86ab66b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52d5fc33d7cda0e4f7be3ae58ffdf2e5

SHA1
aca48ba692b1540445f0da8f8ffbf8e1a7947325

SHA256
0e996efd6da461eafc0ed91e556a05bc9bd6304bbab64fccf085dcbf576c4637

SHA512
ca23af5279baf69e3faec6184a17d30abc3bf0dfa027fcfdfdc820c381b2565a058f5b037b30fdeed02274b77e99556936566879cb410b9c7367c0cf19ce9cb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c479a350b68b035806d1d5ee21c12dbe

SHA1
4adc77080a0659d3973ca2e4f6dab269f3b60b0a

SHA256
4c50d4dcd43e050d349b91398f989f3d8299b7208a2692ba0fb6d79f4449dabd

SHA512
3a778d898bec7730d89578703cb94253157c388e00af30e208d82009df638c4ef8451a3e43652c58f62012c5bfec964298131c6e9d0c68dd46d4f68e43766428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d1b1cb56e7cbf80fa826b3887db2b37e

SHA1
17027f43977b970b3686cba0e4382d8c8fa5b962

SHA256
cb0b08fcb1bf145dc603228cc292f60d26d1c399645d29b96bcf4df013a2e1d2

SHA512
0edb3235cb5f1d5b968f07ba47f63b30b12f16df7a13850b72c80d77a90edbaa6a7f0d2ac2d774d69dc65e15ad861faf697b0d73a6659edcd7d5e09bd3ed81f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e61df3fe27e59b5328da62fa43cb1d0a

SHA1
d0ceac92ad3306b477ae856b3f3c29debec9b5bb

SHA256
4ae86c7673a749e24674e7292db6494ce3f19e231f3d3355761342ca63723e14

SHA512
ba4a6bd938c024d610a8f318b1672315a2172db483eb372e4cfc3d026e82b532a64b1c39deabe4f6523be64ef73a3b6fa3a654284f3164ca527f7abe2812efd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1f37d3ceed02d4106f64529a00494d9b

SHA1
d70c0220fb8fad4af551e8d659bb3539c7f390d4

SHA256
554cc9f340def1a2bbff267d2332e6501d0389ce05aca5c47da5d63194795d34

SHA512
1829202362726a3a9bc9dfe538ce416f1020b2173a43484784a865b1e8f10490763e209c33c17f2d01b0a1edeb9f0b0561b8a6983d2c0ee2699038fc6fa154e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
11231378d5dae156cc465f3a2711b50e

SHA1
8bc86c13d164c3cdfb515c6a0a4e83c9e623da43

SHA256
e75be35511bfab1600ff40e9a2d7b3268891538c6b487f11b86b4ad7afedddc1

SHA512
9d1056c31f0fe2a00e8266c87f1d4e5ddf0c392dcdbcb42c48f18cc8ccb5a82e997c2a3a8cc2be3800cdd0c7263757e8482785c03479e8238b2c0fa4a935ae6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36f827deb946f6602514658f888f9e0b

SHA1
3100109598280cdb342be0f60f6a3e8cd3a2c74d

SHA256
676823038c36b0a5ed56548e1c7cfb56f9671694ca15e72b7855f83544314fbe

SHA512
2da96c7b572121d5be774ac9239702a47018c53f1c300801b418d66effbf3224d1cbeb90b6ad391ad373f038e2a574146b7164be008e64a791fee8cc3d00771e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd553fd600f67a41a9e796e76142b4e9

SHA1
a2d927cfe602de3a73b9057338843ecc883f0c70

SHA256
4f7f92ff9e0e2d94cc26005f08593689595997bf1e71310407018ac3860b90e1

SHA512
30c47bb4174639534c3a4d9fb5559759d6983a4d3790c09e74d9df03ca869840a437cc1df752b55ad95ecde2c96be6edd17aae6222a0b6922c486c65ec15989d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cb19b8ba722d732e9d264de58f9b2972

SHA1
f4e443c44c2e0be105967e12ee388c98bce141ce

SHA256
05d1d8d0e0822a4289481788fdf969505201f37028b93b0d038a72dc7fc2ec01

SHA512
52ec0ca2a65d60d22481697bbb1985939e14480661e1b0f300c7b27f8013df78b1aa4c2532ca5b4c22ccc28492fdf22aeec9637e20f61b5c093158e30629f042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ab0c41b2eb2401c6e160afa2829fff9

SHA1
bc65337435d6361c776ad4dc890a8148a2bcd50c

SHA256
680f74c77e3734b7d9575b6029d92aa71fa9804b6621c70ead128a686fece202

SHA512
460e3a3497c8d91a6da745b72467c50ab40805c2057b988e793d5bbf334161ff627520ecb5abdfbb8cef0a4ee7ff37728cf5cc65bd9803d07ddb5f39b2273e1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a8ce36e48bc0dd5a1872e0911116dd1

SHA1
60fdad73b9c39b63dbd4adbbec10e2c5539d54de

SHA256
dd97889e7cd3d6505a71a56f5183020472f67891b198b88ce21b647855648572

SHA512
a33160c1a2a08333a2d83ded5c7da0c619b9c20a25b419655de881c60902419d1332be112cc3f0514dea5c4a205ea23848157d299730fc53c7c52a7812111efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab0139a054e37d6ecff3c56b88f66765

SHA1
dfe6817ef6c7a507c1b08993597756cc10d405b4

SHA256
54a7be650c373e60a397e4b7f455874a47e2c3b5a0160ac491a5ea506379b853

SHA512
b7c246aa2064d8ab7799c5946428bc6b206e071205f9906f83f861229d4207c475e636cd0149bdda309b65a33a6100d11f6c278d3614be66e6db0c8db5c601d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1e99e6235daf6e7b016a2ebd36d6822e

SHA1
ca312397543a5c19deb732b5a94f891d42c01b23

SHA256
6a425a6806f40a9f20eececa45ff5b79f44cce89cd064faa17ac073f84fc97ff

SHA512
09e232783f95a8fcd11d5809fb4e64ff4bfbffbecb283540c029122e4df056c2c57a5fd2003ac6fa0ba0945abe7cc42bf911ea469e00794d103f85960aff565d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
6fafb107a2950050440059178d524723

SHA1
4f27aa0542ffe88510253d0a310014e518a20433

SHA256
29dff2cdf413a8b147fa8e9ced42af8be6a63bb9bf8c26aa1c7d25938344013e

SHA512
e67a3258590b839eb98f68d2daad2616b098ec7bfe915378464c7bdaf33c22f8606d9a2fedfb6e11484be07a0c43a751b692ab6f9a0444d598c426aa835caad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_00002a

Filesize
16KB

MD5
b307c0a6a0baf7806c954d21c12c0feb

SHA1
1cb4cf4b56c71ef75620f4e544d14de605153350

SHA256
25a2add58b2be163fdf2f40b6e36c55586a98f4d12fc68d13506968dc0aa1f08

SHA512
2c21866c5e3d6adde49b1a1fe772d64b23f9b33c5e854521315869ba0bd0c340deebc1fc19e04016ca94e1b0e4eea044e7694d4bc2453a0716291ff870094e76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
e9bac9e4312d405b6d2a37efc6370748

SHA1
6fea6de57481ac0ac0cc454d6c5576ec42aaf2ad

SHA256
fed5f77408619f3011824a28b74fd0adae010837c733655d34e2e7298470936f

SHA512
0abea9eae445b53483672cb4e1d8f26df3ed4b76c7247e3ea1eee74f03ca5b8dc5597f433e165059dffe908cb19247f37a29251176333d06b70f2ec1b54f3059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
6149d2a9d28c6a006ed89bdea42fb6b4

SHA1
8659b064bf23e8219e6d9dfd2c8e8479cfd3a4b5

SHA256
404f89a3a0c6f630a1f5a8acfe5a2f0c65bdfa0a3c6b95e320624fa7d46a0ad5

SHA512
359329e9fbbc8fc482bc911a9ddc6ea40b8249e6e70303de36b9730d49f7fb76e1d6d1c4d7d6096c714f1420df5588a369ea32c31fe3a7ee14c12144b484ffd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
540f133ea637037c93a408e62d74a474

SHA1
a49cba8c80c2f4f1c36fdde7e3fadf068ee4eb90

SHA256
4017717bb954ffe99a99c9795bd771a486b0c9b15faebc56554387274ed6651e

SHA512
633b73f28fa4cb847cac774cf45d3d33258f64a764db6981d1da82c472af97ba9a97fb3a6397d41cc1579861e2d20a6777ab59ecc51fa44123386680075a3bea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
45830e167469b0f188cb9608df0a6468

SHA1
2b1d1cf11b7f214d825016c104af16a7afbe1c0d

SHA256
5b3d675801b8a92ac401094b39dde764cf6b6e2a9432f96bb9e953e6b692d258

SHA512
fc68dd852666a8186cd17e29906923a0996cffd6172005f605586388543fd968ab20638bf58a3e4d8df74db8c38790444bc54cb234ef0c24b75a427d8963f897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
428714c55cac88bc047cc52de3590746

SHA1
7845bf1014a19618a698663c541af7560f905592

SHA256
721f8da4a879daf121daab22b6b5c8cb70f510cdb0104a022a8a642a6b9960c1

SHA512
a3de8986f279b456c7695b545d8798d1b18958d4f9a783b5041e1c2c040389f97bce6c7ca8978f0b7f02289aef38c78869549484f308381622be80f04cf84264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
92553530d35a7743eea4e89c95e09db0

SHA1
c737d075017132222e4949b4c1697f314e606c54

SHA256
482acf895055016505cfb721c27ec5b3091cef72df1cdf82259135f01f3bdd80

SHA512
e259a59594d0c7b27a59dc49fdd282fc05767d51f012218e3c405c1bff73dc1a8fe72a1b52036e8e19c402ebb002bc017a1465ceaaca99e7912d1fdf39c37013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
c05459fc3e3cabce762b064d144d0a44

SHA1
2e086448caec1ac6b21e73f8bfc4eeac093127a7

SHA256
597499c2c3d2897109e665e71a1ca25eb8c5f62c11ddda4a53ab55e78f8a725d

SHA512
a86eb9f93f4abc8b3d4ee3ffceee4a388ed251b27260644cacb5e69ec820539d2f7f3c3c6be10cee6ebd59c8fefac9c5f6dd6f52dac8da2dafee70092b410aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0a38f2b2ffd601b091126d0764b2e769

SHA1
ab56df6d3ce77ae11bee6338c9c460913c68239c

SHA256
bb3ddb48988ef27f3221edd4eb3f0f53b4f5f90c723ad532fba328db97f90364

SHA512
598a06087459882b436d2ba41cc4c5439d19a80f31178e7f84d8f7587c285e8f91cf2a578a99014ed3136ff1173052bb07e94097be714cb1d91f2e556a67adb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
189155ba074261db4def2b806a5330dc

SHA1
d33581589e9f8fd88d036a52cae6a687809cafc2

SHA256
a741c981812b4a0e1e763bb7f41f0099d9cdf08b2c813cd8bc733d51a63a1dc9

SHA512
298db0fbc9f98a804d2bdaaaa2843e64ea9ee41c80e0ad185e8d2b57350d3d325638f328e56d542742acce23373a2cb3dd5511429e158443389175331089bccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
20KB

MD5
056912853262a91e2a44f6eecffd9a9a

SHA1
8fbf3ac2ba99f7c1807e827e8b50142898cee3f0

SHA256
1400666982cd929ffc2154bbbfdbb70d94d3f7c2cc481d2f3f88bb888f1d176a

SHA512
038358e68ee05b352c5bdeb1fb0f4a52813757177e3d7714e01a60db2bd9143af182370b9c2b76068332dd3fed4aba9ef2b04714a0f4815a0da4b195c7e219a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ps0kk9ov.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
e80fcc5b51cc316e8cec7f7456d1819c

SHA1
769077e1c887495c6e954a935c98b1e30b5b9a87

SHA256
cd16644123986065cb3f175a107e01d27f9e0fa520a85ee6b0dafa205b5da4c4

SHA512
29cf7a48c85d4a1821ebc2addc7c0ad910527be3c8a642e727c4bf77b7fab226585b93932492a5075767e2dc68d3ab7971217d4d655189321691c4d9da405d92

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
8KB

MD5
a1b4a0a7d7dacb0130a276f876a853be

SHA1
8ac77b57b910431738c09352585de14917ad2b5e

SHA256
582e67a4b2c2121c547ef7bfe012a4322c1164682bad14dc466c0982004e4c37

SHA512
e90c6ca5a68f32a4ab67e83f01dffb7a54f13881cce91e486371f02af8c847832557f01b67b73683aca43a8d191e1bacebe4146063a9ed41e48ff1e20886aacc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
0ba1ae55576bd11cc9364eb79fefd502

SHA1
2604a5f431f0540290bcbe9aa5699051880992f0

SHA256
116b18604888141d98804ad1c63d8bf4a3e0cac3ee4264309700131bf9c3618f

SHA512
3cafc05ae61a8f082fabac7db156fe3548cd6416b7078ab84bdebd81d9e3a245340382fa89750fa16addf46ab5c13f173874919b66ad8499ffaa9717e46bb11e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
328B

MD5
b6e05d552186763f735aa7e17f33fb6d

SHA1
12917d18131d9b9877a37a1c546fba4b33a315a7

SHA256
4912024325cca9c6d86c94942357476a491c712275a656d55d4060e12a1f9160

SHA512
df52466c2fa2eabc787e39d0d0895e0f302f1210490f71ab30b48a47f05bbc540eb121ea6f8f9c72e5aaeeca7d5d817795ef20163d98c3408bca61ab5d8daf1e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
105B

MD5
fdde03896a2142a6430f41673724b705

SHA1
4d00c80e0801f7347afc0b980807e5d7e3e4eb8e

SHA256
08543fa2eefb110e20a840d5db3fb67df30e03072d1273feb5615f0ea93c6cc9

SHA512
3db41d1ab11bd43f90006db3e8aa1080f52ce6f157aa378b226c1db18d4b3536870ff1051a165d42fb9fb55a471927b8a09980a08eca73a22cf4c3cd9f7ed612

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
107B

MD5
f25e48e1d9e1e1398bc5fbc6885570b8

SHA1
46557c8ebb9236af6c28c9bdd317d1d25749e710

SHA256
0379e6a5dff30a991e0acdb9932cac828eb3e30ca8cc23447a2bc73ae78181db

SHA512
41e61480f5141b6950d7b96f3e4dfcca19bc480e0b11eeebdedaeb266c6e525f41f3d29a3c1c0bf8f17a3c30111d8fba7e269d5fcf84b336bee916e21881acb7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
205B

MD5
59352c2b0c590c5fd96365d3168d723b

SHA1
53ab571639cc3e3a38032c1095985f7f4278d8fc

SHA256
079db0d18cb8ca55e8653f3d67608c5e445d32e368feb874ed3fa1d797c7c286

SHA512
2d21bcd26ef934095ca5b37aa1e66091547870f5e09c2d203dfd75923d2575f93f1a42f31e4fb7b2423b766984464ed65b048f49519837918de246a892c82828

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
229B

MD5
e66787353fe13d974f200081778ae803

SHA1
8758067ec317de21eeb1ded166bcb31d38a6dbb1

SHA256
b4aa7b3da5a32dec327817ebbf4f29372449e2650b8d10acf6e9958628cbc67a

SHA512
21173be66533f0d60e3ba3ee7e21536310f2aaa73cec2986eda11a2d2d6736ddd53c533eca541f51d0db0386daa78221ca207811fcba616abb088314701bf7fa

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
252B

MD5
f10a8c5f6da7f81d57f1d91a294814f2

SHA1
831792d10462e63f20c6d40fcbfd45d3194cb1ac

SHA256
ff6e49172d07bce0218b8962e3715e2c39e8a3176cfe4d5429d76032ed7c96d7

SHA512
a0da0e539b8eceef5801e39604f30390f477205f73708843a23d26f0942f3327b3dea0e508db64eec2f62836da4e7a3f89aca64857c4690fab1fef02ac95170f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
265B

MD5
a98d2945b7d398edd6719c8ab4e2466a

SHA1
ee05a319f8cc00e2cb722c31e29040215c970353

SHA256
07796a0698c09892e15665a2f0fe1ebe5526bea15dfcdca9d73fa2caeff62a79

SHA512
270fd92cd58892bf2b98d46b59c6f19373e58f161a3f9383359a65117e5312aebf3781f078e1d16c310a54fe0b59912d2ac6432260ba332d99fe37a4ec4d434c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
0805045547791cc887429893b60a82bf

SHA1
ae6adafeda314f3042cedbd7cab03a2bd4073bb5

SHA256
0f94eb469c15ad26e4aebb3f343fec959f8f1908e8a0ef7d5a9a6bd7f88ec38b

SHA512
2d469aeb7ae734b0c337ca4baee76ef35a8117d4a1356f7e3015201c02abdd071b45e2f990848a56421991b6d831a1645182cb7dcf0b0c6b3e09c40b5da4f85d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
c94dbd79c475e75f43f2297c9e712547

SHA1
8b948dc925b351d9a608d0b29eb3e0f60b300d98

SHA256
cd95d4eb7417a73bfc5a48af635f0243f3c5df2197e6b33dd7b42e926798a797

SHA512
13f65b8a90e4159157a541feb45403f2db95f04b21054097a297db8543876e1b403100baea49909e6f0a2efc99a3a6b90533e143a322e0bc520f8de84bf10db7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ps0kk9ov.default-release\AlternateServices.bin

Filesize
8KB

MD5
990f085efe76dd2f62703e6364261c6f

SHA1
da5d42708b556b3e45c5b76024113a9143109ac8

SHA256
1e712991efc6c5184d9ca48f04460d09edda0e25a8cc0f09e6271e6ad1ba3fbf

SHA512
8684a20814aafa6e82dd816c6f2c63d0e156825828fd4d14b216c28937a6e849c1af8d80fcbb49e64afb774ca2e33e81c7938e3852d823b14e116fc2278e04e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ps0kk9ov.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ebbdfe62c281d033ef1f69a4c2b1a861

SHA1
36f7bad962e1d61dbbb3378832f1d6a72f378c7e

SHA256
b3bf935877f24e584b1c83d0819d7f95e4f0be909e6b08de58e640bf6b04a569

SHA512
db8811ba3de7b30c25ac5ace269774ad809d86a4182b9403a6522241bc31359b01918ed562f4134dc38844e0b618ab03e5e60a4264804c4ea65c75e3736f3be5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ps0kk9ov.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
81a276bdbca32574df9b946e03723c2f

SHA1
b0eb4cb3ba3b40a1c7bdcc90de3a7a566d61182e

SHA256
479719d74594a66c098b1acf4dc4b0c2a0c74fdfa0f1d8a6b883b2171d8f33f8

SHA512
b840a964bbd0da4b0778b4a3054dc11b4dfe88df3a9dc3fb7e5e7c3e5e7c8dfb5a75b04718cfc8e2b00280e0767e3f1c2d5a2bc4b02aa11b1dd273e1d101a633

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ps0kk9ov.default-release\datareporting\glean\pending_pings\2b5beb47-8c56-49d9-b265-e51be26ae1f5

Filesize
756B

MD5
ca66964f6f2cf5bca448d17c2a982a99

SHA1
4bb50cbe907b3a9238aa7284ffe368e297f7f63c

SHA256
c00c75d58d67cad0ca6b7e588859b9f5169fab3a92463fe39b3b3f716a40f2ea

SHA512
b030b0a771b60f5001f690a9b7b2950e362d907139b22089635835e7b7de77a71b10b0e711af870c1f02af5f4e79626665db0c8041f4c829cc232241cc48a2a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ps0kk9ov.default-release\datareporting\glean\pending_pings\35d3e754-37fe-485c-93ff-1cc136e40f61

Filesize
982B

MD5
20ca22cb84f059b6394c50595e074beb

SHA1
c26569f9ae47eeb49d606337df073d58320a4af5

SHA256
216c5b19c0db7192b3096fbfba298a9f6ddcf5f9d52d15e1d3d1582af124d2a1

SHA512
d6c5012931e4c0a220300e58651052aad024c5e5eb384e56e2154bde78cb5a076461840eee91b652d8d93a2c50a76ffb4b6aed09012e7244d3729dbea0159f59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ps0kk9ov.default-release\datareporting\glean\pending_pings\83de74eb-1dba-4c83-aff6-af13d0f95600

Filesize
24KB

MD5
16b337bdbb46d45ed5bb214d737e913f

SHA1
9cfc4010f4540779491a7d74d9699fed407b964c

SHA256
430e34b5c9f103e1c9e82465da11738a23c3913ce5b0ba2bdf02982a1ea06884

SHA512
f56bb173c27d9746192821eade23b9baa038eb66a63019a8dcad9b6973ef385d276a9aa37fb6aac7091c95160f69695b05498180a6ad0ef9ec430437254858b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ps0kk9ov.default-release\datareporting\glean\pending_pings\abb6c86f-a430-48df-8619-38aeb9517e14

Filesize
671B

MD5
7299234140c49adcbe5d993d51bf104c

SHA1
416dda9df1bd1926e6e061a91ea520cb794116bc

SHA256
9196d53b48a505c3aced012842ee5836bd4d19fdd24e12a511b9b6fcd20c9bd8

SHA512
2c7796b31094bdc349cd905aeeae8b9827e47461d6094654789465e754b6fbf9b65458894fdefea012ca6cbe27cef8a42fbf4cb13f65a92719513c48bed2f037

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ps0kk9ov.default-release\prefs.js

Filesize
9KB

MD5
35551bf7979f5c72405bb50fbad42bfd

SHA1
77d0e84c43ce1b8f7393cb8e2fd55c60cc75b2f4

SHA256
22a96e9fcef0076a821205027ebc24ab5fabb4eca34abc23d5fbf95209cc37c0

SHA512
c23111f7663bc25f2fdc1e3518a83095823c0320a1643ad09b5b7f09a23f5668fb833e4119349903daa7bdcb91a56f0a0fb845a967812e2e85e132f4c24419c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ps0kk9ov.default-release\prefs.js

Filesize
9KB

MD5
a27e1dde6149a92cb51a690373d9656d

SHA1
87c9ca14f97bed5ea94ca393e75a90ea1560d164

SHA256
2bb066316ec386a7cc4775a161a6b65d0bad98740cad37d5eb2796e477b66a6b

SHA512
755da450e0d61f96c77b03649a7d47ebf0f4cc3f9ef2884dac77fded911829c11b5587f935b5b6c95bcf4919c8d896e2b46707dbaaf739a4df10349e02f0dd5f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 261190.crdownload

Filesize
3.1MB

MD5
53cf9bacc49c034e9e947d75ffab9224

SHA1
7db940c68d5d351e4948f26425cd9aee09b49b3f

SHA256
3b214fd9774c6d96332e50a501c5e467671b8b504070bbb17e497083b7e282c3

SHA512
44c9154b1fdbcf27ab7faee6be5b563a18b2baead3e68b3ea788c6c76cf582f52f3f87bd447a4f6e25ec7d4690761332211659d754fb4e0630c22a372e470bda

Download Submit
C:\Users\Admin\Downloads\test.exe

Filesize
2.6MB

MD5
c0edef9215bdd5cdc8b93888632b30b3

SHA1
9677554036489c5b3ee217b1e4994f767e4ff946

SHA256
a3d2a39974325915f5a5b19547023c79d019e96788c73e8dbd54782b01b77b8a

SHA512
3629ff39a3db0389305b40c6e59826cc17a810163972d318323bd0782feaab4a3e314e40ed5ca51ed3a546c817f6d5c8fa7b7ec3166b070430d435458c4e47c7

Download Submit
memory/1192-975-0x0000000140000000-0x0000000140EE3000-memory.dmp

Filesize
14.9MB

Download
memory/1744-17-0x0000000000390000-0x0000000000FC5000-memory.dmp

Filesize
12.2MB

Download
memory/1744-67-0x0000000000390000-0x0000000000FC5000-memory.dmp

Filesize
12.2MB

Download
memory/1744-1-0x0000000000390000-0x0000000000FC5000-memory.dmp

Filesize
12.2MB

Download
memory/1744-4-0x0000000000390000-0x0000000000FC5000-memory.dmp

Filesize
12.2MB

Download
memory/1744-0-0x0000000000394000-0x0000000000CBE000-memory.dmp

Filesize
9.2MB

Download
memory/1744-68-0x0000000000394000-0x0000000000CBE000-memory.dmp

Filesize
9.2MB

Download
memory/1744-18-0x0000000000390000-0x0000000000FC5000-memory.dmp

Filesize
12.2MB

Download
memory/1744-13-0x0000000000390000-0x0000000000FC5000-memory.dmp

Filesize
12.2MB

Download
memory/2492-54-0x0000000000390000-0x0000000000FC5000-memory.dmp

Filesize
12.2MB

Download
memory/2492-19-0x0000000000390000-0x0000000000FC5000-memory.dmp

Filesize
12.2MB

Download
memory/2492-125-0x0000000000390000-0x0000000000FC5000-memory.dmp

Filesize
12.2MB

Download
memory/2492-113-0x0000000000390000-0x0000000000FC5000-memory.dmp

Filesize
12.2MB

Download
memory/3736-981-0x0000000140000000-0x00000001402A5000-memory.dmp

Filesize
2.6MB

Download
memory/3736-960-0x0000000140000000-0x00000001402A5000-memory.dmp

Filesize
2.6MB

Download
memory/3736-980-0x0000000140000000-0x00000001402A5000-memory.dmp

Filesize
2.6MB

Download
memory/4392-114-0x0000000000390000-0x0000000000FC5000-memory.dmp

Filesize
12.2MB

Download
memory/4392-21-0x0000000000390000-0x0000000000FC5000-memory.dmp

Filesize
12.2MB

Download
memory/4392-126-0x0000000000390000-0x0000000000FC5000-memory.dmp

Filesize
12.2MB

Download
memory/4832-961-0x000001F2690A0000-0x000001F2690C8000-memory.dmp

Filesize
160KB

Download
memory/4832-966-0x000001F2690A0000-0x000001F2690C8000-memory.dmp

Filesize
160KB

Download
memory/4832-977-0x000001F2690A0000-0x000001F2690C8000-memory.dmp

Filesize
160KB

Download
memory/4832-964-0x000001F2690A0000-0x000001F2690C8000-memory.dmp

Filesize
160KB

Download
memory/4832-978-0x000001F2690A0000-0x000001F2690C8000-memory.dmp

Filesize
160KB

Download
memory/4832-963-0x000001F2690A0000-0x000001F2690C8000-memory.dmp

Filesize
160KB

Download
memory/4832-962-0x000001F2690E0000-0x000001F2690E1000-memory.dmp

Filesize
4KB

Download
memory/4832-965-0x000001F2690A0000-0x000001F2690C8000-memory.dmp

Filesize
160KB

Download
memory/4832-967-0x000001F2690A0000-0x000001F2690C8000-memory.dmp

Filesize
160KB

Download
memory/4832-969-0x000001F2690A0000-0x000001F2690C8000-memory.dmp

Filesize
160KB

Download
memory/4832-976-0x000001F2690A0000-0x000001F2690C8000-memory.dmp

Filesize
160KB

Download