55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
75s
max time network
78s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
06-02-2025 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2580446533-3148764140-1073334258-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
6056	AnyDesk.exe
6056	AnyDesk.exe
5464	AnyDesk.exe
5464	AnyDesk.exe
6064	AnyDesk.exe
6064	AnyDesk.exe
1108	msedge.exe
1108	msedge.exe
2280	msedge.exe
2280	msedge.exe
5100	identity_helper.exe
5100	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5104	firefox.exe
Token: SeDebugPrivilege	5104	firefox.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
6064	AnyDesk.exe
6064	AnyDesk.exe
6064	AnyDesk.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
6064	AnyDesk.exe
6064	AnyDesk.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
6064	AnyDesk.exe
6064	AnyDesk.exe
6064	AnyDesk.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
5104	firefox.exe
6064	AnyDesk.exe
6064	AnyDesk.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5104	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5464 wrote to memory of 6056	5464	AnyDesk.exe	81
PID 5464 wrote to memory of 6056	5464	AnyDesk.exe	81
PID 5464 wrote to memory of 6056	5464	AnyDesk.exe	81
PID 5464 wrote to memory of 6064	5464	AnyDesk.exe	82
PID 5464 wrote to memory of 6064	5464	AnyDesk.exe	82
PID 5464 wrote to memory of 6064	5464	AnyDesk.exe	82
PID 3536 wrote to memory of 5104	3536	firefox.exe	93
PID 3536 wrote to memory of 5104	3536	firefox.exe	93
PID 3536 wrote to memory of 5104	3536	firefox.exe	93
PID 3536 wrote to memory of 5104	3536	firefox.exe	93
PID 3536 wrote to memory of 5104	3536	firefox.exe	93
PID 3536 wrote to memory of 5104	3536	firefox.exe	93
PID 3536 wrote to memory of 5104	3536	firefox.exe	93
PID 3536 wrote to memory of 5104	3536	firefox.exe	93
PID 3536 wrote to memory of 5104	3536	firefox.exe	93
PID 3536 wrote to memory of 5104	3536	firefox.exe	93
PID 3536 wrote to memory of 5104	3536	firefox.exe	93
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4352	5104	firefox.exe	94
PID 5104 wrote to memory of 4916	5104	firefox.exe	95
PID 5104 wrote to memory of 4916	5104	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5464
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:6056
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:6064

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 27205 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abce1a19-76c3-47f7-850a-5caeedb777b1} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" gpu
    3⤵
    PID:4352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 27083 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff523d70-6cd4-4053-b8e0-077fec195545} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" socket
    3⤵
    - Checks processor information in registry
    PID:4916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3084 -childID 1 -isForBrowser -prefsHandle 2864 -prefMapHandle 3264 -prefsLen 27224 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac11f739-52f3-4fcd-b3e2-3de7538f6b65} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    3⤵
    PID:5648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3360 -childID 2 -isForBrowser -prefsHandle 3436 -prefMapHandle 2780 -prefsLen 32457 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33d200a5-f1ed-4ce8-9de8-38941b92fc79} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    3⤵
    PID:5896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4876 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4984 -prefMapHandle 4980 -prefsLen 32457 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c776cddb-6e81-482e-b3f9-3b1a22d97270} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" utility
    3⤵
    - Checks processor information in registry
    PID:5236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 3 -isForBrowser -prefsHandle 5536 -prefMapHandle 5500 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea5b17e7-c10e-4654-80c3-09add571c3f5} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    3⤵
    PID:4844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5712 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5568 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4fa83a1-85e0-42db-8da8-3639b7d75ea4} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    3⤵
    PID:4812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5876 -childID 5 -isForBrowser -prefsHandle 5884 -prefMapHandle 5888 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3581a627-329e-4737-83ce-6bd39392b1a2} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    3⤵
    PID:5776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6336 -childID 6 -isForBrowser -prefsHandle 2532 -prefMapHandle 6304 -prefsLen 27305 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a1df565-b817-49ff-b272-ef3a9dc4bcf0} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    3⤵
    PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\RevokeMeasure.mhtml
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffd712346f8,0x7ffd71234708,0x7ffd71234718
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11046672926265552835,3354936036321487923,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11046672926265552835,3354936036321487923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11046672926265552835,3354936036321487923,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11046672926265552835,3354936036321487923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11046672926265552835,3354936036321487923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11046672926265552835,3354936036321487923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11046672926265552835,3354936036321487923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11046672926265552835,3354936036321487923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11046672926265552835,3354936036321487923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11046672926265552835,3354936036321487923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11046672926265552835,3354936036321487923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11046672926265552835,3354936036321487923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11046672926265552835,3354936036321487923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:2260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
425248739d77afa964e1a893d2ea5a94

SHA1
ae91c41cde6ffe01839ae7e61b193c241d18a513

SHA256
816b3a135562fe43c926caa3e9f2b6271ec5fd7e44d6a05dbc6d7cf9504aa254

SHA512
c4dde9efb7f500f7216d83e9327b03a1905568da3a7346668100792d4309fce8ac2ef1fe6124ae06a4686762b4b41d5ab7a64343c446b60c301c8283d9547c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce8ba87d2d5894f6d95c709f9f05a323

SHA1
2780cd56c041092be67b8cef6e4c4cd2f9022086

SHA256
a096ed77cf2ed915e28f2245b7379e6e106ab6d0e746e480375a3039df13f5c4

SHA512
d42a1aa6e6716d12c7e2ec4961f89f7c527404800f5eabe9fdd79dc5abb2b0df2cccab713a6fa5096c7d932bbcb8b43168991611decda3667a3a545e1996e1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
852007ad9583bb049012add5cf2b31b0

SHA1
bee6b72d52bc5a15a0c2367ab9bfc4933d0691cf

SHA256
a893ae01a13cc38b281a275d1400aa277ba36cd54efe268ea6bf748f9704ba27

SHA512
423c9f53fc482eb9957991bc18ae7e0c5f635fd66c9fdd796bdde9c85348d3ef35c728d98c70868f569712a66f696130fe50e5952e5199dee4307c658634b9d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
dcb3a22320d5a33a1efa1b4847ea4bcb

SHA1
a593fdbecd26610c1891961c378941baf8560398

SHA256
33e7feba556087bb8a0abd289b518350b77d05b7a551700fad1955048e59ef85

SHA512
0ebb797fc67e557d0960f80e5c039efc238cb64edc3a7fccc39eb2142ada726ed91498e83abb725017953c3c900943364793c8e6f952a7c2784e27748d83d2b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7a3d07db414f2e45fcec52f93e9aaf9f

SHA1
9e354a83f5faa9129068f49f013dd74884a4a4f8

SHA256
040fb7806d50b72668527e66f6328951e21fd2710c3bdc84b142344b7039f3a3

SHA512
c531729c481ee14c70f0ccdbb905ae286f07a0ff2b30c131fab38a7007dd913243a71dd3b8b3c0d53e073f8b9e0259882d3e19e5dfac9f26f262983eba440221

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w69s77rt.default-release\activity-stream.discovery_stream.json

Filesize
25KB

MD5
29104aa39fecfe32428fa3e111bbf42f

SHA1
6f76f5fbb0178e85745edf1bb8da6ef64048355c

SHA256
a3bf0e2662fb141e2d4b4167bdae5495c10d307238f4d2826f3733656dfcf053

SHA512
c981261fec344c249c8c6834fc6fe81a4384bbc457fe086c1e50df7a3099cba100616cd5b61095efaeb14027755bec845ed7dbc805e52a0e1e9d4c4b7d67f499

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
10KB

MD5
c3916b24cf697930aced8a8f28b9cecf

SHA1
5dc2c70111d943a9b5e1e220ab21f7a0a6a52d77

SHA256
8410cff491bf3e01316922edd0bcca6a6be7ed9c469a23da91ef0dedba265459

SHA512
6aaa37217af99259a96d955beb74856c7d96c9cbae39088874417b4f196b953d2deea3727f91e7766681c268e3144d2990ad2128a9b97f1aa8e6e01755fed56e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
109a21363ccdc703d79834b2410d38f8

SHA1
e4ed8c88bae625f4bc08cddf875310d3256b371c

SHA256
3038f72dd42ddb944adf79ce3f9869ed6834aa545ab770d16e92e978f9267233

SHA512
d360dc987805a5c9411932b696b5b2885e4a73f97b342ebf81c2dc2de4ebb3895948ba84480b8b287934ffa7f03e081c7b206212eb6c19214fae78c72b418340

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
6f7118c9ce8d1012593e40f531ffbaa8

SHA1
3f38a5db6cc6b28aeeaf256b7826275c0005c0dd

SHA256
28efb979e53b598900157b4a94f1b8e93878d0faef4fbbd5f6d848ad4e9f18b7

SHA512
89669566b35bb5bd7ed9808cca2d1fabf98c1f095df4319586dd91a24f2e97dd439b4ddb942e43cd2d2b6b43d7269bed4328709b275d9ba1c621bcfc34cbb831

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
576b3a040dfc45af4584c3b43bb1e679

SHA1
4a490147acb0c81d76dca9cf90f17915db48fade

SHA256
f2b37b22263803d1a5d6be3a86a1072ec9b22ea3f24f05f498922f084f9ff1d0

SHA512
bd354972cb7480e41074276b027254283bac24d4ecf83b7948fd1d69267b6998d695a31b92d3995ac49830b0d8a4343caaf4a8eed319b4be15cc0d22fb8c5789

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
738B

MD5
7d02a5a3dd14f35e5cf6df48d2a1198f

SHA1
cef3c978f53b1100b42676b613fa71917f5dcdd0

SHA256
47cc2783a995d217cde407d14360b1a749e2bc9bdf055ae75e456f6b2c17a6f8

SHA512
27c3603744950d3446cd3515f3892c2a952dc9d8eef90f080db23ade1344fc7a0f496ca90d4f64b79a9099f7b59bdbad3ca1c67fd1de4c9908ffeec0524c9582

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
9df298a1fc4fb4ccfd443a7097745bbb

SHA1
c1f9d8b6dddecbd074f0043ba709ccf3117bc430

SHA256
0222b2cde5330c265650f87d4cdc09fd2c899bdd263754ef07e8719166a1cc09

SHA512
e1d259409bc24005f71a4b455b91e9c27279975ad93c435ead03266609f3abac1b61d78258ca5094e8d2ee2b1557f6983f4cd054e28197c9afc64d1bbe07cc5e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
297f1e67fb11512b5e745e4147e163cd

SHA1
aacd5bc1b6e3c5612f91017f2443f24e845b619f

SHA256
3e1ad5c98a1c3ced00878480214c93ba3c905978de040df5d9536b0f432b1c9c

SHA512
9455badb502320a6626b09c10262643a363b3521e74c52829b429e48fbefb00877017ed89cc2357676f34db404837bfcacd7adb71a5e69b6c2a659a1638ef7ea

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
c716276b9ce62f925d62b75f02958011

SHA1
51bcae555903a381ca2ca1b6a4eda08c01b5dc33

SHA256
11360f8273379509a10e8705d0def484475e6936662b08fc5a1d147c5ceabc7f

SHA512
3f405310e50e13beaa2a7471b98909704ca576f35359442ffe0d6a5084de395528b9cb8fd0c85bf1c58f8532fdc2ccd3316fbfe221e7052e755cb2ef04836b43

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
cf51cc2fb653fd519ce3b7688524f2ab

SHA1
4dc1396155d7fd028077960383b263b5e73b660f

SHA256
ab35e646daf16b610b25a8c2612ea65a3a4e4750a821e6eb7108ea8a97388e5b

SHA512
2d931b62e5ae9e901e501feb8b048de0f7d263e83f4ecc33da8903981630c0432815c2be2178d19bd4d05dacd229187b9c699c762142b38c06f978a9694990cf

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
793e6a63be11cf18a571716fced6762a

SHA1
706c161e6b79b30d610268d39e9ad31da5c33fdd

SHA256
f07c1dac323a7199c684cfe3d84c5cebd9fa4b60999af4294c086d3942d5542b

SHA512
226e9ff7abae63fd8c2c88390533ac509a6a57d6ea26d073c11082c7fc7c4b64ec38b8fbd3a60adcef36f4613697703124363533bbd08f2fcbf4004c23109bf9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
e231be4932bd959c21fb8e70e297ec5f

SHA1
651f7028153acfb5fbc960ca74f9d968b1730b38

SHA256
b2a285b75a5434cb6f20fbef277113c5a223d2a98ba1ddf8598a6a1361420ec2

SHA512
87d181065ff2c7aaedd058c2b8bc25a475e562a49a68217c2f3b32df685f235b8362efa5f981cd22105b3cf6ed84e0bd4156b55d02a6f7fb6a7e8c752b28fd86

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
68e92278af88bad35fe0057a2c6223bd

SHA1
89da7ca75713ccd75dfd252db24bb38f8b6cb342

SHA256
d315578419b51142e486803bf5cdfac3b4491e09b7d20d06ca9efcfe866cbf0d

SHA512
bb404c00e6930d6883937bfe8ab67cff72177f36a598fe68c42de683142d57a36d9354aab9e75451a2be092a1c43ed59345e5fad0cfdbd669db4297f57e6b9c1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
793e0104d55af1e99ecac83dfd26d51a

SHA1
181b7f25ae1120b88a38dcc80d22442c2aad80bd

SHA256
49e3aafd122eeeec5e3846070771eb8f8b55f2614e9a18b8a7a2be0723e1feef

SHA512
4aa4d12fc1a30935b1d78017daf8ca4b688c234cb1bc0e191f37c0dc9ca485e4b83303ddefa694058cdfe2bdbc865b92f3d1a39d8c2ae9e44789b4ec5c4e78b5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
d81d55190b1023d7464e4b27697144de

SHA1
137dab413f1e4586ee45c9440101110517c909a3

SHA256
ba48c686d679199b77b01331195979bae143e644d1b1029ad070dd6ee6c36008

SHA512
fc4f2bdfca4ced46429aad3925e472f59c54f0f0c086b69976ae0b29bd93217fd7c29a6347b170f106c1397a08bdc51178a2853542621af1d18e94ec1a8b203b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
a93987d60bbbf4790dd2134c06ad4cc8

SHA1
1d5248e8975989fce27b3bdcf89ada2242c4960d

SHA256
ecae732250f4ac50c2d4e27aecba836334c75626f53ddc454b89dba460639fe4

SHA512
afd20d29857a1b72bedb2a26dc8ec06c21e7938421b283d3bc966eb1ff6a9542e9bb4267699f11e1f069b3f663802c876f33f09a9536a2c35a4b47413afa4b5d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
4fe2c1b2f1a99d94fc30674248ece723

SHA1
f9bcb60cc5ebf99e8df3b965ae522641cf7040f0

SHA256
8c1048959036d29b7c5e3580ad006d58a59358027443c5187217cefbfc82d2f9

SHA512
008ed464a497a270a4e44a8406ffcf1bad994002fcb20b5aa038d57962b1c8d83e16a122757bc2c23141f7f4f9c673d7e057b1aec7b2a2f57147c5479f8ec0c7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
655a694399abcad613933f04bf2a093b

SHA1
6f2cf9746292542d692f9903636bc11912f568c8

SHA256
1a0024241d97137bda8ef84e579994c063d75379718ac9491c9966bee6193091

SHA512
9d59deed8cedd4337679c1142ffdb07c1d4740bad1e3da8667e04de8a9e5ef1af0c0a6e6485ddda5ca840346f6618f83c2359c56a7a52f2fa34191a511185f1e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
cde5e2c82e92cd3caebfdd67f1c621b1

SHA1
85139f30636290ac549f11c8a55981266111b3da

SHA256
1e0ad607c8a67a623c75652836376e86f27180bc72d271cfc5c575c51d4c628b

SHA512
2591e7cd4e1516f9af2621a3d2ca0d70ed986b28d884f09a7af3e5f3c21c69494da2cf359f7f94853331d2bf67781aeb63f14c071b442e4f0a356aae3dcf210b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
113454fc3218d916a900217bea31d853

SHA1
5827638dcd7f2be2ad16545570d667fecba4a9c1

SHA256
9443386558213efe371d42d1fd86e516271402c7ec42a7c1dfdd0df3d0945592

SHA512
166d8de198401a58bf900215489ba74df898d9a2672ae8f2ed09bc856a96ec599ff85c13e2091c87e5461d00e3f78db0aed094ac9f9622cfc25f12237abf729c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f4b75cd8627dfd0ee4e6981ae5372a93

SHA1
f3c35bc3fd4c95a7a352b625cedf613dbbd239af

SHA256
830acdcc14f418723df4d28cce55bb05dbf67f00e55ab1cdc0aee511a84e3242

SHA512
726551db7c22650f320ee385891fc748987d2511cca6d2b63c9890d4b7edb0e0f6199933ba011320c6c7a2e28e7ac94bcd310b43921673a5ff93e2e253d9598a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
deaee7e35e488dd3caa9dd0cf577d455

SHA1
b4fecfa77671974a89c1bf86af00145104e4340f

SHA256
edece7a2576b7222e769d074ed6b7f7c1ddbab01ac731938dc813f60923b3186

SHA512
6bf7794195752bc8714a4b772f8c876db0ab0442c8638a2c17dee289596599f5bd2ec3ad0ea7eb867e4fadb288255cf190f4272f6ff8b7fe5be2316df576d563

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
fd6b8f100fa323bc2d19dd69858b185e

SHA1
8900553dffb71f1084704fb6a546d07a7335181c

SHA256
23eda96b278362de28a3d55a4b7dce638904e732bf635fff4c3c8a3e14a72719

SHA512
b2bd9c9ca66b0335132a4964baf060abbf86841cacb6402761ddc9c8c940f80fc713b225a6d4a1379d4d6f867f04acca60add6d011276adef0c5909321f7deed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
e6bbca35c70e8e59e8e37d008fa6d737

SHA1
e8480253e889dec69fcad01ee7bf02de99653aa0

SHA256
edd68beb8097880c93f9238444114bf2e52aa7594914484de991e0101b2960c8

SHA512
abbae57e6253fbe5b43f8cdbb6afb69865597330ce2601f22cb91ce3ae2e4ffe51f0f10bb809ad19a9a0a500f3a8a512dc29fe6990db124ef79e29500b6a7d07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\AlternateServices.bin

Filesize
8KB

MD5
976e770148e257308bcc3baf119400cb

SHA1
332a3d75411af616d5f4802118e540cf9fb119b9

SHA256
d6a2b765d220eecf3af9b61736816994197a4c3a00488f298f5dd814c624647f

SHA512
339f8284d50ca88da4bc849df04044a942f944a2154cbbd60d56483d094706284db5849b4573a2bdceb2b8542df16124fd19a741796f7497e63454c24ae4302f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\AlternateServices.bin

Filesize
12KB

MD5
81326c13f0aebc222dca47b3ded76ae8

SHA1
b78eba5b435a821e46d9799f111154f84cd8f917

SHA256
96339e4b862f9131b4c06a8242ec54212a71eab2a6e8c1614c509efc92192cee

SHA512
0670fc1ddd99dedc000313226267423531826fbe8a4db8f207f198f20447d61c5cf424b0d66c42df7f5329967bd2d4c3063f25ce231b96385da0d86a12ecf1fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
71a7aef89b4761b61103b50852dd7911

SHA1
2d969899876cdadfa10c28553dcf5ef6dd7cd9e3

SHA256
a17e7141caaee0d99140fb3141e520f5745a5e07fbce66be0a9c99cf6614ff8d

SHA512
e6d9d89b5885afe1f6531370e4817006ec7ba878de7641817b6f7cf48877c29b7e9cda0eb694bf2c121e7a6cd3749ec3586ff5e819ab19115e842c6048ea7044

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
75ad813df463bf688a73671c4c76e725

SHA1
c10f59ba11872be5d1fd5ad3ce6279ea051eb186

SHA256
5b046f7d1e5ad8a7f81817f6992daef123fc39f1ffae2bd5945cc5cfba98badb

SHA512
065269336f5bfe7850092dc178066a9a21ebfe96ecd4948f60bba2cf9babae1f3090dedc2b624850c01b245802fb1f0261dc2a49cfd09c9692a50e5abb41cdff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
f636a12485acf247c91b1cd97a8115d2

SHA1
5d091e0f69ad9bfd7934718c49dd007d64f513f5

SHA256
58c11efbef32a9b1437e095aba36fa268a3d70c11cc4c0783918827dccb91821

SHA512
0d30f938e3345ef6479eb8e78e69680d16554db17a2b4d69dad641053bf5dea96c3004e223c73a61497989c4521a4d422b8830547a34ce78972bd26582a158f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
dd32444ab4123b6333b0ca17605ea55e

SHA1
20c46f89ab5bd8d7324df18b1146d30d387dd162

SHA256
b1d704c35e88b1dde4bd32d5e34cb887636e74820ee98d2ccfff374f93a41114

SHA512
79d0d08f26cda6173201c2a36addd870ce5eb1fbef3cc3f7bc9d16b9abaee4d36ce697e0eeeba5f56886812c10aca570baf96743947f3aacef14cb4896f93c21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\datareporting\glean\pending_pings\1c01500c-0f95-40ba-aca6-aef34f66474e

Filesize
982B

MD5
b9c8975992ea528f02adbcf403d40cd4

SHA1
5c08c243e3d86534c50b91f059d254f86320c1b1

SHA256
89ef4c5c45551529b07d7ddc5de215e96288a13c2914c972ea2b70cc0ae4d580

SHA512
55a82773c7ecc922d02ac705402cf5c7aaa61f0538e8f80a19a1fa7d7ba23e87b8639c4ad770468a712118a15c4e3a1a17c2a4aab14da522bc9483892b79ba2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\datareporting\glean\pending_pings\28f5145a-00f2-4c1b-81a7-3bf79ccb9625

Filesize
27KB

MD5
494fbf3ac3e88d86631b5348d4207417

SHA1
e05883d79f68356110100702d9c30c1ddda7e3e0

SHA256
94ca5835f7a84b94d87a64710518cd03753a6e95a459591e9ef3264d536b974b

SHA512
f22423cc1616e16d7785d79c3385955b4a9c0e1385e50e6d22331459106dc5d6dda12f36333e401ec10a140918edb77077306f9c01214998c9c21d5d8e47189a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\datareporting\glean\pending_pings\a2e55200-79e1-4e8a-ac9b-dbe6b033ae0e

Filesize
756B

MD5
1322a7e07d6b587900290270d70a502e

SHA1
9340bac7f91930025d24541ba8e303f4415a3dd4

SHA256
7c71df10accbbfeaf4076961ce0d098f3e691364e9930ea18d1952b9fcb64eaa

SHA512
3c7c6a14bee9eb5556e017dd6b4e3f54aa35eec4300c256d1269975bccdfa84a9b9600848f2709a07f8988f30f7c498d4e1848572d096739dca63dd8356edb24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\datareporting\glean\pending_pings\b7288a7a-70a6-4a29-b7ad-c883a0706137

Filesize
671B

MD5
88a9c43b7927b6b97ab4b4efdb413078

SHA1
7517b0c5879ed5fe44eaefc5619d0c97cbd7c984

SHA256
fbc2eef7f9466262d4c8c7658966175072310753afcfe4360c2385b281628ccb

SHA512
66d02fef6768208b3f417d6fe25e9dfd66fd08d3bcfc4798fcdc939f6e578d632b1a40b9b1a0ac2f302aa1ca096b172d88291106508f857172cc3ced54d86557

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\prefs-1.js

Filesize
10KB

MD5
e17a7474ec8bf5ca38bd592cc77639d7

SHA1
565be5cb72b81dedb15429b3ccdd18b8a526358f

SHA256
7620b78738f7e581f90d189558318817edcfa7a977563b3727c8a81ec582d062

SHA512
273382056806f579487e68de50bf67b056eaae8b349c66d15f754685e50f5dcc1ff37c4c3acc85563dd6325404c2f91a5a412d0f5b92d923cd909c13c66111c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\prefs-1.js

Filesize
10KB

MD5
235f2e7775a88a87c60d2036bb694285

SHA1
312dadf5a50889d8bebd4599e9d0f5ecd281e5f1

SHA256
5229e87b4acdb396c9ea640366b37f1563b3041e04c684adb97d239b45b9c5b5

SHA512
168419b74df539dc055618e592b81186ff27f3f25cba0db043b1572978bad7cfd2741e416ee7f5d1a88b70201324aaf2972759547565f6d4a8ae1e201ac387a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\prefs.js

Filesize
9KB

MD5
f4d11c8497e39eb39c8b4f7e42e34a46

SHA1
31205a88ca619e9a501e15d67b962fe3cf338d53

SHA256
8bfed574cfecf8afb5cf38331c36077952553155bf4b495dc9600839a2789592

SHA512
d3cf87d412fb0d86a0159ba79240af16001d550f6750ab5de9b297d3994fa987f3a94dee1bbe4e0b4d58305db908a6bcde2224dfc73864a238ab6d1c99507c71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w69s77rt.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
a8cbad43d20aaef795bac96f01b762b1

SHA1
bf0f38fa397153c4a4b00ac6040e15c0a9b63e23

SHA256
6e5440503edcfb103c21ffe76754aa5d309081d08c56d7409d0e713e35c37e8a

SHA512
9a07077a6edbdc124a56cb6859b29e3e82a4ab948840a5766320367e634dea1ad94d181731c86c523135c29e08963a7d272f9a4ec9890f6daccd7006a02c8bd1

Download Submit
memory/5464-6-0x0000000000FE0000-0x0000000002717000-memory.dmp

Filesize
23.2MB

Download
memory/5464-229-0x0000000000FE4000-0x0000000002223000-memory.dmp

Filesize
18.2MB

Download
memory/5464-240-0x0000000000FE0000-0x0000000002717000-memory.dmp

Filesize
23.2MB

Download
memory/5464-283-0x0000000000FE0000-0x0000000002717000-memory.dmp

Filesize
23.2MB

Download
memory/5464-231-0x0000000000FE0000-0x0000000002717000-memory.dmp

Filesize
23.2MB

Download
memory/5464-0-0x0000000000FE4000-0x0000000002223000-memory.dmp

Filesize
18.2MB

Download
memory/5464-284-0x0000000000FE4000-0x0000000002223000-memory.dmp

Filesize
18.2MB

Download
memory/5464-1-0x0000000000FE0000-0x0000000002717000-memory.dmp

Filesize
23.2MB

Download
memory/6056-232-0x0000000000FE0000-0x0000000002717000-memory.dmp

Filesize
23.2MB

Download
memory/6056-278-0x0000000000FE0000-0x0000000002717000-memory.dmp

Filesize
23.2MB

Download
memory/6056-574-0x0000000000FE0000-0x0000000002717000-memory.dmp

Filesize
23.2MB

Download
memory/6056-21-0x0000000000FE0000-0x0000000002717000-memory.dmp

Filesize
23.2MB

Download
memory/6056-11-0x0000000000FE0000-0x0000000002717000-memory.dmp

Filesize
23.2MB

Download
memory/6064-575-0x0000000000FE0000-0x0000000002717000-memory.dmp

Filesize
23.2MB

Download
memory/6064-13-0x0000000000FE0000-0x0000000002717000-memory.dmp

Filesize
23.2MB

Download
memory/6064-233-0x0000000000FE0000-0x0000000002717000-memory.dmp

Filesize
23.2MB

Download
memory/6064-580-0x0000000000FE0000-0x0000000002717000-memory.dmp

Filesize
23.2MB

Download