55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
153s
max time network
447s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 00:10 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2696	AnyDesk.exe
1332	chrome.exe
1332	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2728	AnyDesk.exe
2728	AnyDesk.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
2728	AnyDesk.exe
2728	AnyDesk.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2696	2664	AnyDesk.exe	29
PID 2664 wrote to memory of 2696	2664	AnyDesk.exe	29
PID 2664 wrote to memory of 2696	2664	AnyDesk.exe	29
PID 2664 wrote to memory of 2696	2664	AnyDesk.exe	29
PID 2664 wrote to memory of 2728	2664	AnyDesk.exe	28
PID 2664 wrote to memory of 2728	2664	AnyDesk.exe	28
PID 2664 wrote to memory of 2728	2664	AnyDesk.exe	28
PID 2664 wrote to memory of 2728	2664	AnyDesk.exe	28
PID 2664 wrote to memory of 2480	2664	AnyDesk.exe	31
PID 2664 wrote to memory of 2480	2664	AnyDesk.exe	31
PID 2664 wrote to memory of 2480	2664	AnyDesk.exe	31
PID 2664 wrote to memory of 2480	2664	AnyDesk.exe	31
PID 1332 wrote to memory of 1584	1332	chrome.exe	32
PID 1332 wrote to memory of 1584	1332	chrome.exe	32
PID 1332 wrote to memory of 1584	1332	chrome.exe	32
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 1924	1332	chrome.exe	37
PID 1332 wrote to memory of 2360	1332	chrome.exe	36
PID 1332 wrote to memory of 2360	1332	chrome.exe	36
PID 1332 wrote to memory of 2360	1332	chrome.exe	36
PID 1332 wrote to memory of 988	1332	chrome.exe	35
PID 1332 wrote to memory of 988	1332	chrome.exe	35
PID 1332 wrote to memory of 988	1332	chrome.exe	35
PID 1332 wrote to memory of 988	1332	chrome.exe	35
PID 1332 wrote to memory of 988	1332	chrome.exe	35
PID 1332 wrote to memory of 988	1332	chrome.exe	35
PID 1332 wrote to memory of 988	1332	chrome.exe	35

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2728
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2696
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --frontend
  2⤵
  PID:2480
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --install "C:\Program Files (x86)\AnyDesk" --start-with-win --create-shortcuts --create-taskbar-icon --create-desktop-icon --install-driver:mirror --update-main --svc-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf" --sys-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf"
    3⤵
    PID:2352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f89758,0x7fef6f89768,0x7fef6f89778
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 --field-trial-handle=1348,i,16925016014032708111,5673769362890549271,131072 /prefetch:8
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1260 --field-trial-handle=1348,i,16925016014032708111,5673769362890549271,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1348,i,16925016014032708111,5673769362890549271,131072 /prefetch:2
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2184 --field-trial-handle=1348,i,16925016014032708111,5673769362890549271,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2160 --field-trial-handle=1348,i,16925016014032708111,5673769362890549271,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3112 --field-trial-handle=1348,i,16925016014032708111,5673769362890549271,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1372 --field-trial-handle=1348,i,16925016014032708111,5673769362890549271,131072 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1416 --field-trial-handle=1348,i,16925016014032708111,5673769362890549271,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2104 --field-trial-handle=1348,i,16925016014032708111,5673769362890549271,131072 /prefetch:8
  2⤵
  PID:2936

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2276

Network

DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
DNS

apis.google.com

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

216.58.212.206
DNS

beacons.gcp.gvt2.com

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

172.217.168.67
DNS

beacons2.gvt2.com

Remote address:

8.8.8.8:53

Request

beacons2.gvt2.com

IN A

Response

beacons2.gvt2.com

IN A

216.239.38.117

beacons2.gvt2.com

IN A

216.239.36.117

beacons2.gvt2.com

IN A

216.239.34.117

beacons2.gvt2.com

IN A

216.239.32.117

142.250.178.4:443

www.google.com

tls

999 B
5.7kB
9
8
142.250.178.4:443

www.google.com

tls

2.7kB
47.9kB
35
51
142.250.178.4:443

www.google.com

tls

999 B
5.7kB
9
8
142.250.178.4:443

www.google.com

tls

999 B
5.7kB
9
8
216.58.212.206:443

apis.google.com

tls

2.6kB
49.7kB
30
42
216.58.212.206:443

apis.google.com

tls

999 B
5.8kB
9
8
216.58.212.206:443

apis.google.com

tls

2.2kB
7.0kB
17
15
172.217.168.67:443

beacons.gcp.gvt2.com

tls

1.7kB
6.4kB
15
15
172.217.168.67:443

beacons.gcp.gvt2.com

tls

1.0kB
6.8kB
9
9
216.239.38.117:443

beacons2.gvt2.com

tls

1.7kB
6.4kB
15
14
216.239.38.117:443

beacons2.gvt2.com

tls

1.0kB
6.8kB
9
9

224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.178.4
8.8.8.8:53

apis.google.com

dns

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

216.58.212.206
216.58.212.206:443

apis.google.com

https

3.1kB
8.6kB
10
10
216.58.212.206:443

apis.google.com

https

3.9kB
6.1kB
11
11
8.8.8.8:53

beacons.gcp.gvt2.com

dns

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

172.217.168.67
172.217.168.67:443

beacons.gcp.gvt2.com

https

2.7kB
10.1kB
10
15
8.8.8.8:53

beacons2.gvt2.com

dns

63 B
127 B
1
1

DNS Request

beacons2.gvt2.com

DNS Response

216.239.38.117

216.239.36.117

216.239.34.117

216.239.32.117
216.239.38.117:443

beacons2.gvt2.com

https

2.5kB
7.4kB
8
12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
02edf418cd167a88b3fb767cb76f2595

SHA1
ea27c14e21a6da12056746ce1af4fa274770a14e

SHA256
8112085b71aa23659c974b6c640b6036f832b31b8d9ccf70030cdf438ae4e63f

SHA512
e07db76e697bf65b6c6c1223c1609641d1dac7bbead0ce90b4e0f7e473c42b179c3bd0cd4baa1a02474870b43a1ce3c03cfcc4ac7b690d63e4c754592329f39c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
984B

MD5
1c74a29b3adc8825a3eed24917ac7377

SHA1
5ea7259788d96771d808758e03e8551a56d4b472

SHA256
8eaa1bf2a44caf6c1c08e05073ba88a7ea26adcf156baaf91836ba9046a1d955

SHA512
eff69e80c6556f86c31baf68a0da8faee81a9f26d44c2c92bbba80985bf9345b05bfcde583f72d057397cb41ee4f04f27848ba0810e3f7f1aaf4f2b537fad5c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
62bb3c7cebcfcffd5727ef155dde961f

SHA1
ca99dea65e4e10278a6dbaa36c370322f8b03275

SHA256
7d9a6ee1826656c68aa89fff89bf3b5a9f52c5326630d9b583d17c60bb622e52

SHA512
72b1f6d3e989e7cb0ba061897fd9d419d0d8e0e6b454fbbcf4c91b16c2eed4b56d3d496866a43a87516abb98a8b1e85ef4b27a5a38c75d2cd26cce23325e02de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1016B

MD5
b1d51de0a3d2fb9ae0fd1e40d9dc9f75

SHA1
eb00db3f324f75f0709b87c9a9bb6007636968a6

SHA256
9ed93178cf393c7c90106859009a711e9a2cfc7ce8813f8afe8eb46c8ed83e5e

SHA512
bd51e72801e20cbdf50c18f6328954b55bd682b9b93e6e2de03550d753a38f8ed8f1e37fa7167577be6471ca48febbfaa6014be1498cea616c146794f4ce8120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cd7ae65a0d86af62f288c1f05119241f

SHA1
b3096d9eccc1423e5694f68e9f6bc881f30764e7

SHA256
5521c4360307c8ca1d3021fc56ff81319ecc2c97fc61a0d950c7948f9f7b3fc0

SHA512
6bb7310112e069b677ac9ba10743afbd4d2403b05fc65b997edb6f7c9fb2879c34ca9f06acd8f692ec69e0568088d9057096d75a14b54b0e8ae186345e63b9af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf77b625.TMP

Filesize
5KB

MD5
d5c8f2fa75f54f6aa6062a906fcf1536

SHA1
9a9afcf4901a585a23164e1053e240eb78c788ba

SHA256
8b66ec4910e304cd7bdcced03b4cd136a2fa0b2fae5c7223bf14831d4c41a294

SHA512
df3b0ffdfc85bdfbebc017787e44c22d010c2c492680088b6e48951c4ae7302ae5a1e90c2c0e4aea2dcb633b141eec33799d19289713e5dc071f4483a4ed4cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a0b2ffe9-d348-4c83-8f69-43476200cf66.tmp

Filesize
5KB

MD5
0480382a4c6241319bbf19dd82f3587a

SHA1
8125cabfc18aa09afadbfeed2dcfeec8a759fa20

SHA256
003dff19c34fb80b77fbc8c981e2c90baf040ad966d0aac852af6b83aa425a00

SHA512
2a7b1a1334b2b4e726e6f662a36c8500ef7237173a7fef84a91fa398d6ce9924add5a3d0c146da925256354896ac2331a6a04fbc44b572e56ebd6256d5676f88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
e455261bffde74edb1f452712ca88d21

SHA1
b91a6712385d55a6b4f43a0a9808dfbd152c2236

SHA256
7ff24dd36033d44f428f1f6118553be7c49cac4cd0b46ba895f2677e747cedfe

SHA512
b7cacaccfe1e7301e8861475aa533943dc033d5b5b38cd52eab219cac60697497a54a0edf24e93859bd4b829258a5489b4b145fab1cac202f961f97993c32e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFf772e03.TMP

Filesize
114KB

MD5
03837b5145208ed2f5415be15afd1ef0

SHA1
6d4d2f90d1682a2e8a7a1f0df71061aa00115399

SHA256
7d836425c00028cc391a1101eee34337f122a72191a5116b497eadfc9ba6baaf

SHA512
5055e8d3e7a0fde03478d4603e92c1df2b3d18ebab570cc6e678015a8cc7e4bc7668753709e1683e7a96bc0cf5cf09cbddcf7dcb12c876eecc210e8db3475779

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
2e3dc15331056cb3c1c4b3d141e0fea0

SHA1
032ddaeb09ad10dc3ef62adde5fda2c946963691

SHA256
ae1e92d7a650f9325cfde5e91c7f131aab8499a844d870dff7786fbdf9338d8c

SHA512
fa3b495fb9c95904b0e0bf2318fad664ae541c451741c078dab799b3fd91a08ea29ba8c302aa819bda64ec2691ec431f173846db75a83e4f939b69bdcf4eb256

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
17KB

MD5
aa17f23696f0f40d2ccbaa48daa40bd8

SHA1
0d234a41729b692c6b543d6c582533c6d16cf4a1

SHA256
a8edadd4c1e44bb8494c7a56f898441fa451bde4af8ac841419880e5184c17de

SHA512
06ecc1ba55650999b700df2bb4fd44f1bc66b33b906344810840030651f254f6fc6d9037b0b39cdd3604dd0270c58f92d6dfdde08a7dfedac410ae8b7e38976b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
14KB

MD5
b47be712f624408a6cddf8c616be1568

SHA1
b8415762dfc05b25f83b2b40ec8eb6980e4d6fb0

SHA256
14d72cbf5c829c4c05c7d40f367845c709e1334d4aca8ce2e427e040f30f6b5d

SHA512
fa1df11e213a44876dc364668c8cc70129b43b21455f9b8ca83b294063ad8009d2ae19e7c1711209ec61a89ad9c08c849d9eb539774bbdf6047910827b1ff42a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
288cecb131faac8949a43772c69f9728

SHA1
3560c18c992bd3c1b3ab56cdec67eba4d1769bd1

SHA256
0302bc340cfdf8e7251ec135b4e0478fc56a4a7aeee27b68b5fbe74ed8cd98c4

SHA512
79475495e2adfbdc33aa3184445b0fa6f8b523326d0179e232176543e8da020c49ae266b946cf6c1aa777fab8584b7b0d7a941e870ea749f1906ece2ec41fce4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
7ba30b93f5921b1c376fa3e131b4cdad

SHA1
f4b1a44859c74f11eff1f87fc04357d5f7c0a2fc

SHA256
d67135fc2a4cbd7ac6a54cf9841f191f99eab214b53c12689c32a1211fa64742

SHA512
0ab9b7c1c7613a833a14a9e708a170e6da0bd265247c7b58f48e42ce343c0d96c0195d15fdfa541e047b60374430455423faab7b3fc90640586f124926fd23df

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
b83ce88106a1686c4a17ae766b660651

SHA1
4495bcb3573fc8f85fd1fe289fcfd3931b87f3ec

SHA256
2c11011c84ece49554c55c36ffc030212814055e5589f13f79bc1f94248d3b0f

SHA512
ffebb672e82accd4737f5295dc42b48ab934e08c1b5e7f2acb445b262b80a8ab25d3b464367caf2bc29f7b40c6efb5e546e1ea444a2f067d7e9c1a892c6d977f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
126488e65497f7bd0e8718d838ad9fd4

SHA1
6d8d2c40edf840568f47836e945786ab1a43538d

SHA256
2f579510709f817ebf5bd11288d06a46df61833584d90855a81ffc03cdddcab6

SHA512
67cadfb73b15c7da44f5209ed940cbd0807b0137adcd9345a8d8a3c580639d61e83d45d1b04cd08519818a4fcec80717e79a6475ac684b0db8f5f44a4351846b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
cabb532c6521685e87ca089477f4989a

SHA1
5c1f7d6f6748a67fb4fa98cf5e477863888bc29f

SHA256
06505f5ab33689368d01ae7800b23c0538c84b1b2f1b0f33f80360b13ae4a794

SHA512
67b5b17346ba74026200fa6631851dc1ca505dde7532e98dde0f09c8340cf83456f6004e75acd7936240671052b96f431da7387f8027f9fed9dc9ae98fd36877

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
62f05454154a3b30f1538daa829b6210

SHA1
abaa393ee107dd2f424bde6f0425e17fbfe05360

SHA256
aaee9da7477621a42cce3f1d7dbc284faeba6d4d314c2149aedae1b398085f73

SHA512
e492f03e66d4988ee1f39a82715630ea53e5d3c67723295dacaff645358ea79ef54ab96e956a57a56bc52e2be6692d499dd22993b668daf21bad726996c649d7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
a1a0bca930b9306e96765a934e0be4e3

SHA1
d3e0a39b7335d712aafb25a74489ce7a0dead86e

SHA256
f9d0ea08f9c6ee1f81d2b96cc1f560689de6ee6cd45009eb36c52a3da666ad1c

SHA512
efb55b9da23ccb4b9e88e80ddbaab2ec79fb6bbec29f2689837ce6efa92657e560bab4c855f66e4a8db1f5cb7c73385982e0019ccfbc14c948ce7b5586b7ef29

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
300bbbf1300ad8926ada643067569ffe

SHA1
b7f26763015d0da1d481040c82430609ef397d23

SHA256
9740385137611b91617c4590f234faadc0d663f7750feafa7fc88a6543d817dd

SHA512
e9ae22890089d3d6ed9a87fac1e64dbee9ac430b86e0f034ae9b5e8c1f57ca1535d2074840f230dbf80dd8bd2fb1ced5bd4663ae74f0c85b08e6f47baf79ba1a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SGJ6UUGQSH0TWX12SCDY.temp

Filesize
3KB

MD5
6717beebfc040451c7bf56d20a6b347b

SHA1
ddf2682d8be3c0517406e2d39c78d0337ab50dd0

SHA256
8f16d9b5db9088c8da2a70dead9e0418317063fa32133475598049f371d663d0

SHA512
136bf26ec71e34c72878aba78947723a6336a8be469c450f9f4b083de286d5002aad1598c5b068506a812046dbd226c9783922b8ea6850d44d767f1b3e8ee3ee

Download Submit
memory/2352-259-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download
memory/2352-223-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download
memory/2352-240-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download
memory/2352-279-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2480-272-0x0000000005030000-0x0000000005031000-memory.dmp

Filesize
4KB

Download
memory/2480-229-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download
memory/2480-87-0x0000000003D80000-0x0000000003D81000-memory.dmp

Filesize
4KB

Download
memory/2480-88-0x00000000042C0000-0x00000000042C1000-memory.dmp

Filesize
4KB

Download
memory/2480-79-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2480-66-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download
memory/2480-57-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download
memory/2480-350-0x0000000005040000-0x0000000005041000-memory.dmp

Filesize
4KB

Download
memory/2480-349-0x0000000004570000-0x0000000004571000-memory.dmp

Filesize
4KB

Download
memory/2480-202-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download
memory/2480-348-0x0000000004560000-0x0000000004561000-memory.dmp

Filesize
4KB

Download
memory/2480-322-0x0000000005060000-0x0000000005061000-memory.dmp

Filesize
4KB

Download
memory/2480-347-0x00000000044C0000-0x00000000044C1000-memory.dmp

Filesize
4KB

Download
memory/2480-346-0x0000000004540000-0x0000000004541000-memory.dmp

Filesize
4KB

Download
memory/2480-344-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/2480-321-0x0000000005070000-0x0000000005071000-memory.dmp

Filesize
4KB

Download
memory/2480-271-0x0000000004A50000-0x0000000004A51000-memory.dmp

Filesize
4KB

Download
memory/2480-89-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download
memory/2480-273-0x0000000005F50000-0x0000000005F51000-memory.dmp

Filesize
4KB

Download
memory/2480-274-0x0000000006BC0000-0x0000000006BC1000-memory.dmp

Filesize
4KB

Download
memory/2480-275-0x0000000006BD0000-0x0000000006BD1000-memory.dmp

Filesize
4KB

Download
memory/2480-276-0x0000000005F40000-0x0000000005F41000-memory.dmp

Filesize
4KB

Download
memory/2664-0-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download
memory/2664-39-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/2664-38-0x0000000000E70000-0x0000000000E71000-memory.dmp

Filesize
4KB

Download
memory/2664-45-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download
memory/2664-4-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2664-1-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download
memory/2696-21-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2696-14-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download
memory/2696-51-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download
memory/2728-13-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download
memory/2728-29-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2728-53-0x0000000000F00000-0x0000000002637000-memory.dmp

Filesize
23.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.