Analysis Overview
SHA256
8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383
Threat Level: Known bad
The file AnyDesk.exe was found to be: Known bad.
Malicious Activity Summary
AsyncRat
ToxicEye
Async RAT payload
Legitimate hosting services abused for malware hosting/C2
Checks computer location settings
Drops file in System32 directory
Executes dropped EXE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Uses Task Scheduler COM API
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Creates scheduled task(s)
Enumerates processes with tasklist
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Checks processor information in registry
Opens file in notepad (likely ransom note)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Delays execution with timeout.exe
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2023-11-26 14:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-26 14:56
Reported
2023-11-26 15:28
Platform
win10v2004-20231020-en
Max time kernel
1794s
Max time network
1796s
Command Line
Signatures
AsyncRat
ToxicEye
Async RAT payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Static\wsappx.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe | N/A |
| N/A | N/A | C:\Users\Static\wsappx.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133454848110863497" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Static\wsappx.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\VENOM-RAT\Venom RAT + HVNC + Stealer + Grabber.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\VENOM-RAT\Venom RAT + HVNC + Stealer + Grabber.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4d0 0x3d4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd0b7a9758,0x7ffd0b7a9768,0x7ffd0b7a9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4692 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4960 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5244 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4180 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:2
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\pcbreak.txt
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\pcbreak.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" "C:\Users\Admin\Downloads\pcbreak.bat""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\pcbreak.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" "C:\Users\Admin\Downloads\pcbreak.bat""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\pcbreak.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" "C:\Users\Admin\Downloads\pcbreak.bat""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\pcbreak.bat" "
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5156 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5308 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Virus-Builder-master\Virus-Builder-master\infection.bat" "
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5948 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4048 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4100 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5320 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1020 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:8
C:\Users\Admin\Downloads\XWorm-Rat-Remote-Administration-Tool--main\XWorm-Rat-Remote-Administration-Tool--main\XWorm-RAT-V2.1-builder.exe
"C:\Users\Admin\Downloads\XWorm-Rat-Remote-Administration-Tool--main\XWorm-Rat-Remote-Administration-Tool--main\XWorm-RAT-V2.1-builder.exe"
C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe
"C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "wsappx" /tr "C:\Users\Static\wsappx.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpCB99.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpCB99.tmp.bat
C:\Windows\system32\tasklist.exe
Tasklist /fi "PID eq 716"
C:\Windows\system32\find.exe
find ":"
C:\Windows\system32\timeout.exe
Timeout /T 1 /Nobreak
C:\Users\Static\wsappx.exe
"wsappx.exe"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "wsappx" /tr "C:\Users\Static\wsappx.exe"
C:\Users\Admin\Downloads\XWorm-Rat-Remote-Administration-Tool--main\XWorm-Rat-Remote-Administration-Tool--main\XWorm-RAT-V2.1-builder.exe
"C:\Users\Admin\Downloads\XWorm-Rat-Remote-Administration-Tool--main\XWorm-Rat-Remote-Administration-Tool--main\XWorm-RAT-V2.1-builder.exe"
C:\Users\Admin\Downloads\XWorm-Rat-Remote-Administration-Tool--main\XWorm-Rat-Remote-Administration-Tool--main\XWorm-RAT-V2.1-builder.exe
"C:\Users\Admin\Downloads\XWorm-Rat-Remote-Administration-Tool--main\XWorm-Rat-Remote-Administration-Tool--main\XWorm-RAT-V2.1-builder.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1876,i,10515353719328102153,17960734891717138061,131072 /prefetch:8
C:\Users\Admin\Downloads\VENOM-RAT\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VENOM-RAT\Venom RAT + HVNC + Stealer + Grabber.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | boot.net.anydesk.com | udp |
| NL | 185.229.191.44:443 | boot.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | relay-dafa4c5b.net.anydesk.com | udp |
| US | 212.102.40.162:443 | relay-dafa4c5b.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.191.229.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.40.102.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.240.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.20.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
| N/A | 192.168.1.12:7070 | N/A | tcp |
| GB | 92.20.243.180:50820 | N/A | tcp |
| GB | 92.20.243.180:7070 | N/A | tcp |
| US | 8.8.8.8:53 | 180.243.20.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.36.46:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 46.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 172.217.23.206:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t3.gstatic.com | udp |
| NL | 142.250.179.132:443 | t3.gstatic.com | tcp |
| NL | 142.250.179.132:443 | t3.gstatic.com | tcp |
| US | 8.8.8.8:53 | 132.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| US | 185.199.108.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.179.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 202.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.10:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 10.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | repository-images.githubusercontent.com | udp |
| NL | 142.250.179.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 172.217.10.195:443 | beacons.gcp.gvt2.com | tcp |
| NL | 142.251.36.35:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 35.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.10.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 130.179.250.142.in-addr.arpa | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.250.179.132:443 | t3.gstatic.com | udp |
| US | 8.8.8.8:53 | t1.gstatic.com | udp |
| NL | 142.251.39.100:443 | t2.gstatic.com | tcp |
| NL | 142.251.39.100:443 | t2.gstatic.com | tcp |
| NL | 142.251.39.100:443 | t2.gstatic.com | tcp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| NL | 142.251.36.35:443 | id.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.250.179.150:443 | i.ytimg.com | tcp |
| NL | 142.250.179.150:443 | i.ytimg.com | tcp |
| NL | 142.250.179.150:443 | i.ytimg.com | tcp |
| NL | 142.250.179.150:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 150.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.150:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.208.98:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 142.251.36.42:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 136.143.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| GB | 216.58.208.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 172.217.10.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 91.153.250.142.in-addr.arpa | udp |
| NL | 142.251.36.35:443 | id.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| NL | 142.251.36.1:443 | lh5.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 1.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| NL | 142.250.179.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.9:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 9.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 227.48.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| NL | 142.250.179.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| DE | 172.217.23.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 202.23.217.172.in-addr.arpa | udp |
Files
memory/3372-0-0x0000000000F20000-0x0000000001FA5000-memory.dmp
memory/3372-1-0x0000000000F20000-0x0000000001FA5000-memory.dmp
memory/3372-3-0x0000000004010000-0x0000000004011000-memory.dmp
memory/4960-9-0x0000000000F20000-0x0000000001FA5000-memory.dmp
memory/784-10-0x0000000000F20000-0x0000000001FA5000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 541ee96d162a0b6d7676c0a86c4e315d |
| SHA1 | b79d48a5575fff690a39d96be5006ca4cacbac86 |
| SHA256 | 922b623c0536218fb1fe4152561d728bc99a7ac3935e1e8459a74a17ebbc0b0c |
| SHA512 | 506e77dfd8023eccbe246c6e1be50d9bf3ddac0840b073451245dd5be6821cd662a1bcb5c8313e8c209699047dc5b89e829b5d0782858a22af1540122f3ae4d6 |
memory/3372-20-0x00000000060B0000-0x00000000060B1000-memory.dmp
memory/3372-21-0x00000000060A0000-0x00000000060A1000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | e179f75ee84d32dd5dff0dcbde2567b1 |
| SHA1 | 12f86a9ef08bb33a5d793049167b926d9d7be3a7 |
| SHA256 | 818c0fe1b063ce2e75e8baacc2cf3833ada9b7880631321cacd055e2561248cd |
| SHA512 | b478946d1927d6dfeae98ed96364b424a2405f0b9a19a367468fc1024f6dc6215fc0310a401d4d6a45d8082ecb2c1344cd02413406837ed86605589c90611de9 |
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | ec6fc12dcfe2085c1313a44886dccbc8 |
| SHA1 | 9a2ef9891967a0a2540508826d92fcb2bc9416b2 |
| SHA256 | c12d4901c5cb55e6a94097b5baeb85318031d2dd2858ff42bd9e81b4107be480 |
| SHA512 | a6b0496830d2221db85df9c38d2ca2394f416e5cd3964743aef20ccabab9d1a3a188185d272c4717e5b3d43d2422a87400b6855845339246d20b5d7fe969048a |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 541ee96d162a0b6d7676c0a86c4e315d |
| SHA1 | b79d48a5575fff690a39d96be5006ca4cacbac86 |
| SHA256 | 922b623c0536218fb1fe4152561d728bc99a7ac3935e1e8459a74a17ebbc0b0c |
| SHA512 | 506e77dfd8023eccbe246c6e1be50d9bf3ddac0840b073451245dd5be6821cd662a1bcb5c8313e8c209699047dc5b89e829b5d0782858a22af1540122f3ae4d6 |
memory/784-27-0x0000000000570000-0x0000000000571000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 0c04ad1083dc5c7c45e3ee2cd344ae38 |
| SHA1 | f1cf190f8ca93000e56d49732e9e827e2554c46f |
| SHA256 | 6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0 |
| SHA512 | 6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 3a6733f2b575a5ff8b1fbeffde4a2fe6 |
| SHA1 | 5dd153ae5d03410eadd62c0f4f152daeea548f06 |
| SHA256 | d3a44671bd0d0446612a11c60eccbd7cbc9b1411c4791c64989e88721fb5a545 |
| SHA512 | d671cece11afe59981a54e5e619782f9487ea728c6338a2457768cf516c2eb75267bf4669b8672eb4aab7f0d9ca3741659c54c1ea0d900065e2530d472428176 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 54ddfd33f5e9accb2e1b63247decd247 |
| SHA1 | fe41377dad00b051194612164905ebb3bdffb290 |
| SHA256 | 4eaf16cf23d5b8d4d0d79010d60f7dee52a37fb8dc9dee515ec801201f5343f5 |
| SHA512 | 62dd199dec0cc9bb5abc42f4d190b6d4eed270acaa7a7a0c975134edb38c264dc39cf28b1fee9560b059ac507af4000c717cb9b07b736320929055f6df65fdcc |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 47f53ac95985216977b971d43e1bb807 |
| SHA1 | 93028ba111408a29e4754cd5a501e260a2a2ee23 |
| SHA256 | 1dc239deade27d10842807a263e712e75c3a381551f780e3ebe7d0a5e9575969 |
| SHA512 | 3e5a1933aeea47d3ed51279f734b87747ef5af0049de18c7c59c1aa75c25f31db2fd2f00b2a8ebad12eb9839a6b60beb6aac15fd3afb2d846f15860113499594 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 47f53ac95985216977b971d43e1bb807 |
| SHA1 | 93028ba111408a29e4754cd5a501e260a2a2ee23 |
| SHA256 | 1dc239deade27d10842807a263e712e75c3a381551f780e3ebe7d0a5e9575969 |
| SHA512 | 3e5a1933aeea47d3ed51279f734b87747ef5af0049de18c7c59c1aa75c25f31db2fd2f00b2a8ebad12eb9839a6b60beb6aac15fd3afb2d846f15860113499594 |
memory/3372-81-0x00000000087E0000-0x00000000087E1000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 4132dd89c229a0348bfda4ef357edc8a |
| SHA1 | 435d6879c0a63ebe4daf482bb0aa5c918cd4da65 |
| SHA256 | 922f7cd149219cc9512d32ecd910592a3b03cc90393e17cb22f06d740c24c2d1 |
| SHA512 | 09885b526e0ae89fd0a0d9a5d5cb3102aae3bf7daa6fb75529a7a656af1a5ff37fcc2acdb32d73621f40b9bbea8f4a88565d1e049deb809e5a32fb5bbf616a21 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 4132dd89c229a0348bfda4ef357edc8a |
| SHA1 | 435d6879c0a63ebe4daf482bb0aa5c918cd4da65 |
| SHA256 | 922f7cd149219cc9512d32ecd910592a3b03cc90393e17cb22f06d740c24c2d1 |
| SHA512 | 09885b526e0ae89fd0a0d9a5d5cb3102aae3bf7daa6fb75529a7a656af1a5ff37fcc2acdb32d73621f40b9bbea8f4a88565d1e049deb809e5a32fb5bbf616a21 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 4132dd89c229a0348bfda4ef357edc8a |
| SHA1 | 435d6879c0a63ebe4daf482bb0aa5c918cd4da65 |
| SHA256 | 922f7cd149219cc9512d32ecd910592a3b03cc90393e17cb22f06d740c24c2d1 |
| SHA512 | 09885b526e0ae89fd0a0d9a5d5cb3102aae3bf7daa6fb75529a7a656af1a5ff37fcc2acdb32d73621f40b9bbea8f4a88565d1e049deb809e5a32fb5bbf616a21 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 861b143c49b9e589e6fabe5faf29b294 |
| SHA1 | 4c7574fa9593283259eb275f75dd7b5cc6c2c4ed |
| SHA256 | 73b4f7ef9854733260957bd54355549678d00b1501e07ee1d39b324b56a01db9 |
| SHA512 | 279d02735aa6052a264af3cd95305c1b8666969f6fd6363c3ac4af7792133254df8d010e9755ba970dc92e8b0468ffbb006d7f56bf53d09dc7c565fe144ab0c5 |
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
| MD5 | fd9c32c42fda42fd79bbfdb445ed7fac |
| SHA1 | 71110155f6dfebf61eedaa66cf584dd0e0d1aff5 |
| SHA256 | 665af3f9db6858d172cf08530153f5d6c83cc81743a79373ada43667a4a5d9af |
| SHA512 | 30ca4614bffa8a620771543c9bdb629c3b7433d0d76dade337eb7f05ed6212dd49cb7ec8b3cda68b8bbaa2ef193ba784d82405e40b6d0234b079b0d241679b2e |
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
| MD5 | fd9c32c42fda42fd79bbfdb445ed7fac |
| SHA1 | 71110155f6dfebf61eedaa66cf584dd0e0d1aff5 |
| SHA256 | 665af3f9db6858d172cf08530153f5d6c83cc81743a79373ada43667a4a5d9af |
| SHA512 | 30ca4614bffa8a620771543c9bdb629c3b7433d0d76dade337eb7f05ed6212dd49cb7ec8b3cda68b8bbaa2ef193ba784d82405e40b6d0234b079b0d241679b2e |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 861b143c49b9e589e6fabe5faf29b294 |
| SHA1 | 4c7574fa9593283259eb275f75dd7b5cc6c2c4ed |
| SHA256 | 73b4f7ef9854733260957bd54355549678d00b1501e07ee1d39b324b56a01db9 |
| SHA512 | 279d02735aa6052a264af3cd95305c1b8666969f6fd6363c3ac4af7792133254df8d010e9755ba970dc92e8b0468ffbb006d7f56bf53d09dc7c565fe144ab0c5 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 9a71ee46d4f07e6d9916114cfb24ff56 |
| SHA1 | 37e4c52ee3675c6e08e75f50ae87299925cd0c7c |
| SHA256 | 8fa7d7defa35d3876b4183cb3a7d3c0cdf61821ea771154e94c442d2ffee4042 |
| SHA512 | d21edfd437c41947950d12cab3e8c9a2aa2f7c4ad10a5c149d55305cc9ed3e18da2f9371666626dbbf0eed5fd1b7899c1ec881b54507269a67d8e0316af79178 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 9a71ee46d4f07e6d9916114cfb24ff56 |
| SHA1 | 37e4c52ee3675c6e08e75f50ae87299925cd0c7c |
| SHA256 | 8fa7d7defa35d3876b4183cb3a7d3c0cdf61821ea771154e94c442d2ffee4042 |
| SHA512 | d21edfd437c41947950d12cab3e8c9a2aa2f7c4ad10a5c149d55305cc9ed3e18da2f9371666626dbbf0eed5fd1b7899c1ec881b54507269a67d8e0316af79178 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 32ba72cecc67177109804531cabf2aea |
| SHA1 | 81c4480fc1b157a2671509dfdea918a98cee72e8 |
| SHA256 | a9c49560c6905c8a79a9663fbf689730c7d9e5cfb034fcf344f5f4ba822be81b |
| SHA512 | 2ace943a7d77a7dc10b5b43fc83333f00304d0093e43902bdc64975a8aaed3efbe51e9c458dec916cab94428939bb60b2b7ca55f202fec471ffb39983266dde5 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 32ba72cecc67177109804531cabf2aea |
| SHA1 | 81c4480fc1b157a2671509dfdea918a98cee72e8 |
| SHA256 | a9c49560c6905c8a79a9663fbf689730c7d9e5cfb034fcf344f5f4ba822be81b |
| SHA512 | 2ace943a7d77a7dc10b5b43fc83333f00304d0093e43902bdc64975a8aaed3efbe51e9c458dec916cab94428939bb60b2b7ca55f202fec471ffb39983266dde5 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 32ba72cecc67177109804531cabf2aea |
| SHA1 | 81c4480fc1b157a2671509dfdea918a98cee72e8 |
| SHA256 | a9c49560c6905c8a79a9663fbf689730c7d9e5cfb034fcf344f5f4ba822be81b |
| SHA512 | 2ace943a7d77a7dc10b5b43fc83333f00304d0093e43902bdc64975a8aaed3efbe51e9c458dec916cab94428939bb60b2b7ca55f202fec471ffb39983266dde5 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d95eae66a4625fc29674aa871ad03262 |
| SHA1 | 107f0aa84035577f74e7f204adfb4fc1503ca3b7 |
| SHA256 | 328b58f5049023e127c93503ddf58f029474023e2d79a69441894e2ec8fce877 |
| SHA512 | 44d7f52abf0be07bbe6c9c3810cd489979434e8dfebef89fe47ac3dfc06e560deb2027a6e00ddd00f1873a298e2195cf8176ba77b564f0632541bc0f3e9eb90c |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d95eae66a4625fc29674aa871ad03262 |
| SHA1 | 107f0aa84035577f74e7f204adfb4fc1503ca3b7 |
| SHA256 | 328b58f5049023e127c93503ddf58f029474023e2d79a69441894e2ec8fce877 |
| SHA512 | 44d7f52abf0be07bbe6c9c3810cd489979434e8dfebef89fe47ac3dfc06e560deb2027a6e00ddd00f1873a298e2195cf8176ba77b564f0632541bc0f3e9eb90c |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 40f4d28abe2714e8e78e760ad25174a7 |
| SHA1 | da3b17d81657d5d908c622a10ef8162dc37498df |
| SHA256 | dafe094ea48aae8332aba71eadc73c1f01337ca15ef290c1c335850e90a608ee |
| SHA512 | 7876aea2fca523421807c7b238537883c42dd4d6a70facfbe9b3ebd82fad4a3e9ced6ac74e144b3797f2c99647a02c7b43e92306239ebb06ce1e8d6198986ee1 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 40f4d28abe2714e8e78e760ad25174a7 |
| SHA1 | da3b17d81657d5d908c622a10ef8162dc37498df |
| SHA256 | dafe094ea48aae8332aba71eadc73c1f01337ca15ef290c1c335850e90a608ee |
| SHA512 | 7876aea2fca523421807c7b238537883c42dd4d6a70facfbe9b3ebd82fad4a3e9ced6ac74e144b3797f2c99647a02c7b43e92306239ebb06ce1e8d6198986ee1 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 8fb7e3686474844472a9065f7e09ab92 |
| SHA1 | a8fe33069cd67fd3e01ede2acbd6752619ce02f0 |
| SHA256 | 434b6e78861187ba6a727bb9e305357be6a5c8f2b9ef44c280334c46473d271a |
| SHA512 | 3e01328fe6b1ab04138e3ec20ea41bd381c1bcb2a3a6cda03233ee2871b89074efed336802ea96abe050930895b342095937d083998263f302c1c35de913b6ba |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | ee8db48ac315178d96749ddcb6980038 |
| SHA1 | 84bcb14322dc12c3a354c0cabc789dc7e6d43659 |
| SHA256 | 13d02f98d4e5d908524d54997236892443270d10408a94b9027d66e4265c6981 |
| SHA512 | acf164589cb57979a4d0b1f37a55219ce3f47690beb9998c11dddcfb8b5acd6792abad160b23a0d9123811a4c90f1ae3aaf3e94364c4cf19c6484e7983748fce |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 4e1bd877ca9cca0a490cd4fc3c62fb6b |
| SHA1 | 045d385c78ccb07ad9e3f30bad3b1591f48d384c |
| SHA256 | 1b67ea8ea410337863a12e663f4d9da0bd751fd0ead58ab53d17d4174095cd05 |
| SHA512 | 922b738c6285080e23e46e7c9fa7e970aaa8338fa4b0cbb15cfae8cf3f9fde07530e64e2720231490f27dbf08c06dae4c19e024fc55d72cec35e04ef66379375 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d39b78152ea09f11b4bef16fedbbebce |
| SHA1 | 857d833cc329e4b910e99a02cbcf7a7a2098d33f |
| SHA256 | 46e01a4f9766ea6331c2ab14c79af5558f1307308a02fa44465708c12b5b100a |
| SHA512 | 400621c1fd4b66b26dea0b4cf10de7e4a6fdff8f18c01b389670c9eac833af1f2859a50e61216827d45645011da482b8f82acb89bfd9813794107db8e84d96cb |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 40f4d28abe2714e8e78e760ad25174a7 |
| SHA1 | da3b17d81657d5d908c622a10ef8162dc37498df |
| SHA256 | dafe094ea48aae8332aba71eadc73c1f01337ca15ef290c1c335850e90a608ee |
| SHA512 | 7876aea2fca523421807c7b238537883c42dd4d6a70facfbe9b3ebd82fad4a3e9ced6ac74e144b3797f2c99647a02c7b43e92306239ebb06ce1e8d6198986ee1 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 3d1c1edd99b6ce352a1185730af49ab5 |
| SHA1 | d6b176cb033620010a4c70d4f28f450301de49b6 |
| SHA256 | 580cf1b6c306bb48d09526fa04d57ac8ef9495eac8abf28f609ce68301200088 |
| SHA512 | a649f4dd66bbef0d01c54e181d57841f100d3d952c8fd5e4f47f8a84884239ecb9d3b6a4a5c91bc66c1cbd837d477616400cd1e2fffaf46103f4c574681de303 |
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
| MD5 | c7e03c05f3d7f8cff978cadcd56ba269 |
| SHA1 | 6216452cff9fc1ea2be5f42079717c9f4d32c5c5 |
| SHA256 | 07d64745a59fc2a2f922384cf019830f5188375698ad58f3367a9894c522ba2b |
| SHA512 | a19f901aff80d3ad0ff4685eec5ed5aca93a2be6b084818bb0b60cd7ed5bb769190b12173a9184f47655ceac810392d9fb456c436f3f784987ad771e518d04ec |
C:\Users\Admin\AppData\Local\Temp\gcapi.dll
| MD5 | 1ce7d5a1566c8c449d0f6772a8c27900 |
| SHA1 | 60854185f6338e1bfc7497fd41aa44c5c00d8f85 |
| SHA256 | 73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf |
| SHA512 | 7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753 |
memory/3372-208-0x0000000000F20000-0x0000000001FA5000-memory.dmp
memory/4960-209-0x0000000000F20000-0x0000000001FA5000-memory.dmp
memory/784-210-0x0000000000F20000-0x0000000001FA5000-memory.dmp
memory/4960-230-0x0000000000F20000-0x0000000001FA5000-memory.dmp
memory/2888-254-0x0000000000F20000-0x0000000001FA5000-memory.dmp
memory/2888-253-0x0000000000F20000-0x0000000001FA5000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 8fb7e3686474844472a9065f7e09ab92 |
| SHA1 | a8fe33069cd67fd3e01ede2acbd6752619ce02f0 |
| SHA256 | 434b6e78861187ba6a727bb9e305357be6a5c8f2b9ef44c280334c46473d271a |
| SHA512 | 3e01328fe6b1ab04138e3ec20ea41bd381c1bcb2a3a6cda03233ee2871b89074efed336802ea96abe050930895b342095937d083998263f302c1c35de913b6ba |
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | 7992fb48b484b98ad0bb50032a18aec0 |
| SHA1 | 3f788eddd06163eb98e77e843e9167311b9957f2 |
| SHA256 | f5d324ff7c68a20b301510bef6c01e29505c2c1ee8459800d5c43f95471c4791 |
| SHA512 | 885bfc4ebe912a5a71b11042d6632ad7fbd63a86b976d58016f560e7166c19bfa571bef8395420c70176ea691f086f117745c364d97c61e1daa955db4f62e26d |
memory/2888-258-0x0000000002150000-0x0000000002151000-memory.dmp
memory/2888-271-0x0000000005DA0000-0x0000000005DA1000-memory.dmp
memory/2888-273-0x0000000005DD0000-0x0000000005DD1000-memory.dmp
memory/2888-275-0x0000000005DF0000-0x0000000005DF1000-memory.dmp
memory/2888-280-0x0000000005E40000-0x0000000005E41000-memory.dmp
memory/2888-282-0x0000000005E60000-0x0000000005E61000-memory.dmp
memory/2888-284-0x0000000005E80000-0x0000000005E81000-memory.dmp
memory/2888-285-0x0000000005E90000-0x0000000005E91000-memory.dmp
memory/2888-287-0x0000000005EB0000-0x0000000005EB1000-memory.dmp
memory/2888-286-0x0000000005EA0000-0x0000000005EA1000-memory.dmp
memory/2888-283-0x0000000005E70000-0x0000000005E71000-memory.dmp
memory/2888-281-0x0000000005E50000-0x0000000005E51000-memory.dmp
memory/2888-279-0x0000000005E30000-0x0000000005E31000-memory.dmp
memory/2888-278-0x0000000005E20000-0x0000000005E21000-memory.dmp
memory/2888-277-0x0000000005E10000-0x0000000005E11000-memory.dmp
memory/2888-276-0x0000000005E00000-0x0000000005E01000-memory.dmp
memory/2888-274-0x0000000005DE0000-0x0000000005DE1000-memory.dmp
memory/2888-272-0x0000000005DC0000-0x0000000005DC1000-memory.dmp
memory/2888-270-0x0000000005D90000-0x0000000005D91000-memory.dmp
memory/2888-269-0x0000000005D80000-0x0000000005D81000-memory.dmp
memory/2888-268-0x0000000005D60000-0x0000000005D61000-memory.dmp
memory/2888-267-0x0000000005D50000-0x0000000005D51000-memory.dmp
memory/2888-266-0x0000000005BC0000-0x0000000005BC1000-memory.dmp
memory/2888-265-0x0000000005BA0000-0x0000000005BA1000-memory.dmp
memory/2888-264-0x0000000005B80000-0x0000000005B81000-memory.dmp
memory/4960-289-0x0000000000F20000-0x0000000001FA5000-memory.dmp
memory/2888-291-0x0000000000F20000-0x0000000001FA5000-memory.dmp
memory/2888-295-0x0000000000F20000-0x0000000001FA5000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 6a6cfefba590e26d146df31a31d4f5b7 |
| SHA1 | 45ce7be16a9c7ec24a7e9fff7b4cf156f0dd6f3f |
| SHA256 | c4b5c3c7b33a7b16c2538b4482220beac880ea18b4bdc37750f4ab9095ee25c2 |
| SHA512 | 4d1380550a570f432b05a4b1359639a09de1ccc86b9bc6a06732693ed308434d7a052586f0f718ce350131ae99c3097f5f258fd10e16bb2739e3acebac37de03 |
memory/4960-300-0x0000000000F20000-0x0000000001FA5000-memory.dmp
memory/784-301-0x0000000000F20000-0x0000000001FA5000-memory.dmp
memory/2888-303-0x0000000000F20000-0x0000000001FA5000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3f80b7508bb545f80f21292b85452482 |
| SHA1 | 83a97595a289bea7769ec5ffef9d401012adb0ad |
| SHA256 | eabaf1d1409e5b23c99b3e87871f507faf68578fd5bf6265346d1adcbbd46db0 |
| SHA512 | aeb57799808b6c168a780393b595551c40f6b2e16fdab36fc0833c5bff22da699d45ea0cb356955f9380c571142ce02d6e8049099cf7f2e0bbbc85acb65dcade |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4ab984c3aef9e4d3df423d3f827228e6 |
| SHA1 | 073b8357377292783693ec09c5f80c335d6addec |
| SHA256 | b3b8a9e1f31a12ecdad284bef408dc7cbfbb874ff32d21b72722dbbd15d58c28 |
| SHA512 | cbed69633cd16017e46c57440bf122035531e59ebe34aace8f2855e96fd022ba6977dd819f4ad61a8a60809f3c516e1614580f10b0b819aa246012e32469a096 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9e7f0b1a0917bfff693d86b53409de86 |
| SHA1 | 280523dfbad6d8b2d7be257e4926c8272803ea6b |
| SHA256 | d316e7fbb6e361da8fc8636cbd7b40e5125bec431d2652ec0276933742b3068b |
| SHA512 | 752894d4d0d8e39ac4a9cac5848333b30457f4f12d2b3389752603cf4616b3ed1a6720a5da54db2e6fb02fc2c371da308e5c8d1b9c7e4faf45726917613121d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | c764baa5967a972424c6ad3abc65a0fe |
| SHA1 | 8dad7bf0dae23189a76b0648c6b0fc11f7d95aa1 |
| SHA256 | 26adb21a28c606a5dea59758006b94a22ed51b1f7ea7ec427476c4c89a7d044f |
| SHA512 | de46aceec3c818dea8b483d0e45c4a4eebdbf0b33792d860338c4952e339a1475eb8692cb35dc10d69a094180c7dc8d91a8568b5851820188135ce70f4a7ada9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3f3b8f9308b632bc888e2b411a2a4cbd |
| SHA1 | da71537ee16522f12f3cfb73fd80a22a64dae53f |
| SHA256 | f3eeb2d5a6da8df58ed8c8887acb36a90de75e2bb9d25c7a0e42348c6dcc523e |
| SHA512 | 940c1b59338fb47e8b9dfe7664667dc939edeebd1ceceb62366484d19842c0449d7a08702b9aeaa074fa3735344a9bcfe83869a494d128d40796bf9ed7cfa307 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1a2689cc2cb6c0de97d0782b0b2bb197 |
| SHA1 | 74708350e5118a374ceb946fc5d7778e7550ce7d |
| SHA256 | 9d9eb8e6546fcad5910463359a1747315e45d21af36b0dfbf3aee274ff351383 |
| SHA512 | 3263b256b4c9799585c5d185e97a2b54408356a67b4d98b21044b04116b4e97282eb212be0973c885cef7d649e9af40642f3a0ae3823bbc7c428cccd7492337f |
C:\Users\Admin\Downloads\pcbreak.bat
| MD5 | 169e36358c5d52a2c6d4b932407e2650 |
| SHA1 | 1bff92d13aad0c1c0e9f0e35180963333b1fa336 |
| SHA256 | d8bd8631a96f916e8c80f4838ad4b1d71646667015a2992f0d9974861cac490d |
| SHA512 | ea9d5fdf36c7ec6560d761e0582d6e0e2389652cc4d85bc96c6c90d211664d92844d81b55b6928c06f2e6db48e39164a63891388a1738cafec2a258012f7a318 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cf82e880207f5f0f7cc196630dc3bbb0 |
| SHA1 | d0151587b54ba18c47c115afc90ae3e664839cd7 |
| SHA256 | 1fcd5358fb89a0cb6e0d3f50e9413f08549bac6fc7257b0fdbacf8c61e43658d |
| SHA512 | 8cf4d77174c0fd8595edea4dadac713eab7085016c40391c01d40ef1d4dd4ad3ed343ae5de67009d2a7fb8c5ffbff0574a02d62fb6834637922bd4b56c7382d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aa2020545f650ff00baa5457b127fa61 |
| SHA1 | 71804d7af81b7dab0949cb859b2c44c7aa7198e6 |
| SHA256 | abdc93213354eb1751916c63a0f6d428490984e7a352a48d3bb6db6ac83e599c |
| SHA512 | cb9c896a85f0764a1c32b972d559b584e239c0f6edcd445dc46455375523f2760590d695945799e194148b4080a00d80d83b5ef0e6462eceffbcde4f7d4760b2 |
C:\Users\Admin\Downloads\Virus-Builder-master.zip.crdownload
| MD5 | d7be1cd2f87f2d2518c7dcb850b692cc |
| SHA1 | ed56061f655fefcd2bd449607bace402a6ffb4e3 |
| SHA256 | 5051df73c3039015cea080645682cf65964161e013e53acbd1ff46dcf6b87ab7 |
| SHA512 | 8552c4869f3e0c5a093ddbbc029c0ff8e09bd10d74231a20bf163625070360007a0192c23d79600c0bd1be8301b6d4b68fdc43b609fc5c22871f4315bf73dab4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d769d429ba4786b61a55aa38a8e29c67 |
| SHA1 | 4ab2479bd39a8faa8ccd08e337085e8da0d2649d |
| SHA256 | 4a34d604be2469751a664fd83f66148e336f3cf63951385978d51dda57d6bbe9 |
| SHA512 | dbcf12ce7b3fa35a842b1d0643818e0175c824b3067857e4ccf8a6e0ea3abe5120b65318a948bb19d47a1b54702d98c98542cb40d27459fe20f0949fd9f439b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | af751dcc4fe8e31b8329b333d0936d7c |
| SHA1 | 17484875fe99faf2db5001dd164b047ae1248921 |
| SHA256 | bd21dd6bfd24ae16df46ee64d9a2c9da8d779568367d77321ad378a621d7c852 |
| SHA512 | db41389c8498d788e4732f0546a9e7ae007121be739081ec47344d43f39cddd1089ff3dbbf9c01def7a742cd77312e0df91cdfeceb60f48685cc0d36e86787e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 39cf50e9705d2885cef909da7a594c80 |
| SHA1 | 2b42fcc706aebe6ba7c43487c04a110169c6bed4 |
| SHA256 | ba53ddc06c1e674afa1782a5ad7b6600a20ccebb45eb0e5eb4d737b758e638db |
| SHA512 | 0d60b2fb083735cdc162183f00009eb056089f0459dc8fc81009839312f0cd87e1bfd66bba85e425f033686f4370ce34be680f45ce17ce0374d9ec88d965c647 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 206167c8b350450a16600e5cd06caff0 |
| SHA1 | af370256092ee241a3b5ac7e8d20678801de8d31 |
| SHA256 | 3491098b74b00f911bc9120652f892b69a0636415ab6b0955566f62fa0ec1199 |
| SHA512 | 55341ef2ef4927f7f9717723becbd67a1dd29cfc9f31133a8ede8a4de5b9f00b7c46392aa7177d4540610178ed961f5bb02fa8de5b7a72f9c358a2e3f3afd5e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe6319e6.TMP
| MD5 | 0045e564ae80223fa81b5042105cff7b |
| SHA1 | 5f4aa5ee600202a123f07470564c0bbe8d22ce58 |
| SHA256 | 2d5fdf2ed9766f34b592279671a1a6be256a577da9c240b1a2fadaad14380c26 |
| SHA512 | a5706f8c1257348adc25fa6d6ac67614c12b9c330853fda2620e527e957472021625dc0774fcd76cc7cea2b609690646fce43a46e9310b0a2d038b0bf18e5250 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | eb6af9be8121f3e8943da0e69064c8ad |
| SHA1 | b178793d271b33d139c170e84a4e88fb53c78c5a |
| SHA256 | d26c7e3f9762813f0e7563e080ff58f130876abb5fc93ceb5666765e107246ad |
| SHA512 | 9f9bac687b9d1c1761a5f36d63a273b4581f8d8baab43aa9bba1880146a44d6127066b1c6c5280231202718d2c6abe038c73f54a154393cdeb1fb9836430778c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8263543cdd39454b89210510ff172670 |
| SHA1 | 859e324f9f4494fc29466bf753d7b01496672de5 |
| SHA256 | 5df0b729445f56ce57e26733da3779bf154ea876e7cc93b4aca6508c40b98ceb |
| SHA512 | dc11c8fd44cbfe377a5542e131b5157dccc22a1e97eaf07f242d614e1f4f60d79c8a12c22b91be12a5157d3062b08315585c0409b9db53b615a6056a80e42f66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
| MD5 | 7728167e153db78482528c5e226d4d15 |
| SHA1 | ddd905490f1651942dcacaae094fc61069993fe2 |
| SHA256 | 566f2152ca5583495b8db2a2fa8d530f5d1063836cbe284eabafd026ccfcd5fb |
| SHA512 | acc7cce3fc06f6d91f3d164c6c4c545f7016f6c7f44e41d7e741353f786bb7862e6edcb07587bad0f4e5267a1c21c2bf30d55a2e14f7f0ade477690d1c41b944 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
| MD5 | cff609017343e31b8faa076b9468e318 |
| SHA1 | 28a62848d61b10d275a443bcdfa6a660f2b10027 |
| SHA256 | af2ce49eb7140f7298d438e39124fb324a9adea7afb9663d49d79785fb9f99c6 |
| SHA512 | e1100223c839208977b2d515b143013fb742ad6073029ecb1a51d19b81d6c28fcb25497653f633beb0cf58f7855fabb0292fa2f8581c4ce273fd79dda7176038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
| MD5 | 1c97582c4802a5b6a5e2fa9285fdc9c1 |
| SHA1 | bc21a1e904ade48ea99c5dfd782d6bdccaf6c22d |
| SHA256 | 04a62b3cf8733fd227fe088857b874e8ec938808c441dc1cc75c772c85ab23c5 |
| SHA512 | 1ae1205e02e1bef4e95f940afab93d6d4cccf223f8b359840108e31d6544c1ab209bdad4f813e84b3dd7eb5fd22de87224e0c6def960c69d945cfa6c9d19337a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
| MD5 | 7c6c50cf01e6a117266aacc6949b8174 |
| SHA1 | 43991838ec18afba33698161d021d2264a05505a |
| SHA256 | 6e34ab897a4fe963cb8f8445129b0f18952f1040899c02c9768e72aba907b6f6 |
| SHA512 | 18e2ab1174185fd7992cfff6ae90c58fa2482ed95c54565def110cd26f75f05d8c28e13ef9e46e841d7b9154b22a605c39cdc89f98cbcb0d2b580ee378626cb7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 550a62d3ad5944c48590e127898bdcc5 |
| SHA1 | 0f47236945ebf5cde54425770c63c4139809d680 |
| SHA256 | 43a207ffa042474f472c06914e1473c6c4397a138539e7a8301b80830b59cf2a |
| SHA512 | 77fce1ca91acb3cf1e9d336e9183d829a4554a979ab5fcf5f48ecea219253ae94cb27fd4d753c09285daaa087291a28ce468a8c02a5b01aa4fa0792529182f92 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 17af65668f6a9ed5b3d08d857145c0a4 |
| SHA1 | eb18b298583bf1dbee023fa70d361166ca8aa141 |
| SHA256 | 62fa1c3e30000d269e499fe0a55c2e1025662fa63faa6c385a5d3d7aec93c4d8 |
| SHA512 | 5bc4bd0e731d2cb0650834168b7d2e4d5238c4b7e60654deae6d0c01a069c9e5b4015b804fc746be8a1cdd05cdc616bd0e0d5ca1d3a7a29e8ba42483a5a9ed0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 468ee7759a4662a166971a646464a539 |
| SHA1 | c102a00a7bb7ca0ecab1aa8816d65faf8bb2f261 |
| SHA256 | 642dd4ca423095cd9eda9e588a8c7701c335548aa9f6ecbb9c1a149aa57d5be6 |
| SHA512 | cf273548b87f052d8481f9fe397b3a2890f11fe2871b854feaaa8bd93e9c926e6f06ab7589688a8867984ef722e54822ecc0722b2db13faf909e884094e83549 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 39214723e24591c985dab5d5219007bd |
| SHA1 | aa98a3f0d83d17997c5a22736ba1bf92332b4b6c |
| SHA256 | 955e2a7d2e2face7ae46b8b8476e0fc59e033017726f93f2c0829741776f344e |
| SHA512 | 576684edf3b779da4e85bf734f577845c0860e6bedc949079aa4e30622e6acece014a15c5f43d30bda83f7d1c0636f8c907f425b343aa8b0e3c3ce510efe975b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 37a482094322d8bf6f141c7ebd2bd02d |
| SHA1 | 460c06ae708c0eb91d3464179c5d0c48e0e8d8f8 |
| SHA256 | a25da71ca6bcdb6a407fbf93eb7d322693bcf576860686e65afa0550e7e12a94 |
| SHA512 | 52f7fb645a39db5deaf2b42d9a434bd328d4186c31fe729c475b202275f6ce715bb1ec11ca1b2cd22ec0ac09e1ca8c67003d582e3ede5d0ea4cf6a1c035469c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | 9e760eecb1845d48457374c7ba06334f |
| SHA1 | fbd09df59cb8d24ff47033ad6cbd908673d9eb58 |
| SHA256 | dd411430540eca2d3ec97a1e26fccfb8cb3b6e441c5341ad2d62afa0a59ac1b3 |
| SHA512 | f91390be3e799c4f3728277055c698442d8cd480488c965055bf88775e56a8665f4e67d45649b2eac3b2c387b62bd4940547a77276a5cddcf24b52fc647bae46 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | b5c78b4f8693b8a9fc3ce69891bea59c |
| SHA1 | 708b03a9b971cd0fa991d5d0ba249647155c8ec3 |
| SHA256 | 0b8010a0ca16d8e50ef4cdc9350c7f1aafb6412b12378f0ce83d287400d5461c |
| SHA512 | 6e56b8802f7f6f8e6ef2f02114b933c6bd36ccc25c5b1c7d45933fd63438f502c6102d2804f6b82c8ed21837548154c81d2013c08a48bed915d2d80cf7ec51a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | 529426feb70844b5ac1321070005c649 |
| SHA1 | 962854ebe7774368d8698c000246b62e40d5fe0c |
| SHA256 | 9045ecc3f55f0c65ede6d7ef1d928d7edf440dfc24f9b3090e3f8a53dc71aff0 |
| SHA512 | b7b47d7a8028b1d95b99704f44e0a4380e68b71c0406fb4082eee37589a2d753d1b1f3f440b5c255200edccb680a73f4245ccfaedd1e8f6b299ea2a8ac7a8704 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 17b9bb9509fa8aa6e3ef890dc6cb9917 |
| SHA1 | 81d4f55fe01ad0a40d0d798b102ca826e97c0de1 |
| SHA256 | b1e8315c3e639293576ca2ff44b6374643ec3d70faad0b74972bd3d0183d1efe |
| SHA512 | 0a22b4d514642116d483d522bf3a86ac3fa4ed7e9931a67e401cb98ced433316711416f49682ba3014dc0249356a65122e09465d84331574c59e62c293b0344c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe641a4f.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\Desktop\ImportPop.zip
C:\Users\Admin\Desktop\InvokeGrant.gif
C:\Users\Admin\Desktop\PingShow.bmp
C:\Users\Admin\Desktop\PingEnter.tif
C:\Users\Admin\Desktop\Microsoft Edge.lnk
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\XWorm-Rat-Remote-Administration-Tool--main.zip.crdownload
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\676cc920bb6367f9_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Analysis: behavioral2
Detonation Overview
Submitted
2023-11-26 14:56
Reported
2023-11-26 14:58
Platform
ubuntu1804-amd64-20231026-en
Max time kernel
5s
Max time network
8s
Command Line
Signatures
Processes
/tmp/AnyDesk.exe
[/tmp/AnyDesk.exe]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.194.49:443 | | tcp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 151.101.194.49:443 | cdn.fwupd.org | tcp |
| US | 151.101.193.91:443 | | tcp |
| NL | 143.244.42.32:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| NL | 143.244.42.33:443 | 1527653184.rsc.cdn77.org | tcp |