Analysis
- max time kernel: 267s
- max time network: 268s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-06-2024 12:26
Static task: static1
Behavioral task: behavioral1
- Sample: AnyDesk.exe
- Resource: win10-20240404-en
Behavioral task: behavioral2
- Sample: AnyDesk.exe
- Resource: win10v2004-20240508-en
General
- Target: AnyDesk.exe
- Size: 5.1MB
- MD5: aee6801792d67607f228be8cec8291f9
- SHA1: bf6ba727ff14ca2fddf619f292d56db9d9088066
- SHA256: 1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
- SHA512: 09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
- SSDEEP: 98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AnyDesk.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | AnyDesk.exe
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133638784571910646" | chrome.exe
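The registry signatures above only say which keys were touched; whether a read is a sandbox-fingerprinting check depends on which value was queried and by which process. The following added example (not code from the sandbox or from AnyDesk or Chrome) parses the report's flattened "description ioc Process" rows, keeps only value reads, and attributes fingerprinting reads per process. The watch-list of value names and the VM marker strings are this example's own assumptions; the input rows are copied from the report. Note that on the evidence of these rows the BIOS reads belong to chrome.exe, and only the CentralProcessor read belongs to the sample.

```python
"""Attribute sandbox-fingerprinting registry reads to the process that made them.

Added example, not part of the sandbox report. RAW_IOCS copies the report's
registry rows; FINGERPRINT_VALUES and VM_MARKERS are assumptions of this example.
"""
import re
from collections import defaultdict

# Rows in the report's flattened "description ioc Process" form.
# The "Key created" / "Set value" rows show that non-read operations are ignored.
RAW_IOCS = """\
Key opened \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0 AnyDesk.exe
Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\ProcessorNameString AnyDesk.exe
Key opened \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS chrome.exe
Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName chrome.exe
Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer chrome.exe
Key created \\REGISTRY\\USER\\S-1-5-19\\Software\\Microsoft\\Cryptography\\TPM\\Telemetry chrome.exe
Set value (int) \\REGISTRY\\USER\\S-1-5-19\\SOFTWARE\\Microsoft\\Cryptography\\TPM\\Telemetry\\TraceTimeLast = "133638784571910646" chrome.exe
"""

# operation, then the IoC (may contain spaces), then the process name as last token
ROW_RE = re.compile(
    r"^(?P<op>Key opened|Key value queried|Key created|Set value \([a-z]+\))\s+"
    r"(?P<ioc>.+?)\s+(?P<process>\S+)$"
)

# Values whose contents name the hypervisor or sandbox product (assumed watch-list,
# hive prefix removed, matched case-insensitively).
FINGERPRINT_VALUES = {
    r"\hardware\description\system\centralprocessor\0\processornamestring",
    r"\hardware\description\system\bios\systemmanufacturer",
    r"\hardware\description\system\bios\systemproductname",
    r"\hardware\description\system\bios\systembiosversion",
    r"\hardware\description\system\bios\systemfamily",
}

# Substrings a sample typically looks for in the value it just read (assumed list).
VM_MARKERS = ("vmware", "virtualbox", "vbox", "qemu", "kvm", "xen", "hyper-v", "virtual")


def parse_rows(text):
    """Yield (operation, ioc, process) for every row that matches the table shape."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            yield m.group("op"), m.group("ioc"), m.group("process")


def _value_path(ioc):
    """Lower-case the path and strip the \\REGISTRY\\MACHINE or \\REGISTRY\\USER\\<SID> prefix."""
    p = ioc.lower()
    p = re.sub(r"^\\registry\\machine", "", p)
    p = re.sub(r"^\\registry\\user\\s-1-5-[\d-]+", "", p)
    return p


def fingerprint_reads(text):
    """Map process name -> sorted list of fingerprinting values it read."""
    hits = defaultdict(set)
    for op, ioc, proc in parse_rows(text):
        if op != "Key value queried":
            continue  # only a read returns data the sample can test against
        if _value_path(ioc) in FINGERPRINT_VALUES:
            hits[proc].add(ioc)
    return {proc: sorted(values) for proc, values in hits.items()}


def vm_markers_in(value):
    """Markers found in a value string, in VM_MARKERS order (what the sample would test)."""
    lowered = value.lower()
    return [m for m in VM_MARKERS if m in lowered]


if __name__ == "__main__":
    for proc, values in fingerprint_reads(RAW_IOCS).items():
        print(proc)
        for v in values:
            print("   ", v)
    print(vm_markers_in("QEMU Virtual CPU version 2.5+"))
```

Running the block lists the single ProcessorNameString read for AnyDesk.exe and the two BIOS reads for chrome.exe; the "Key opened" and TPM telemetry rows are dropped because they return nothing the sample could compare against a VM marker.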
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  3344 | AnyDesk.exe (2 entries)
  4616 | AnyDesk.exe (2 entries)
  1164 | chrome.exe (4 entries)
  1084 | chrome.exe (2 entries)
- Suspicious behavior: LoadsDriver (6 IoCs)
  pid | Process
  4 | Process not Found (5 entries)
  656 | Process not Found (1 entry)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid | Process
  1164 | chrome.exe (9 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 1164 | chrome.exe (32 entries)
  Token: SeCreatePagefilePrivilege | 1164 | chrome.exe (32 entries)
  (the original lists the two tokens alternately, 64 rows in total)
- Suspicious use of FindShellTrayWindow (32 IoCs)
  pid | Process
  4840 | AnyDesk.exe (5 entries)
  1164 | chrome.exe (27 entries)
- Suspicious use of SendNotifyMessage (29 IoCs)
  pid | Process
  4840 | AnyDesk.exe (5 entries)
  1164 | chrome.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4616 wrote to memory of 3344 | 4616 | AnyDesk.exe | 81
  PID 4616 wrote to memory of 4840 | 4616 | AnyDesk.exe | 82
  PID 1164 wrote to memory of 4248 | 1164 | chrome.exe | 96
  PID 1164 wrote to memory of 1644 | 1164 | chrome.exe | 97
  PID 1164 wrote to memory of 2424 | 1164 | chrome.exe | 98
  PID 1164 wrote to memory of 1564 | 1164 | chrome.exe | 99
  (rows collapsed to unique writer/target pairs; the original repeats them to 64 rows)
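Every WriteProcessMemory row above has a writer that is the parent of its target in the process list that follows: AnyDesk.exe 4616 into its own --local-service and --local-control children, chrome.exe 1164 into its own helper processes. That is the shape of ordinary process bootstrapping; the row worth chasing is one where the target is not a child of the writer. The report also lists chrome.exe (1164) and elevation_service.exe (1032) at the top level rather than under AnyDesk.exe, so the chrome signatures are not, on this tree, activity the sample spawned. The following added example (not code from the sandbox or from either product) rebuilds the tree from the report's process list and flags writes into non-children; RAW_WPM is an excerpt copied from the table, PROCESSES takes its parent links from the report's nesting, and using 0 as the parent of a top-level process is this example's own convention.

```python
"""Rebuild the process tree of a sandbox report and flag WriteProcessMemory
calls into processes the writer did not create.

Added example, not part of the sandbox report. RAW_WPM is an excerpt copied
from the report's WriteProcessMemory table; PROCESSES follows the report's
process list. Parent 0 marks a top-level process (this example's convention).
"""
import re
from collections import Counter

RAW_WPM = """\
PID 4616 wrote to memory of 3344 4616 AnyDesk.exe 81
PID 4616 wrote to memory of 3344 4616 AnyDesk.exe 81
PID 4616 wrote to memory of 4840 4616 AnyDesk.exe 82
PID 1164 wrote to memory of 4248 1164 chrome.exe 96
PID 1164 wrote to memory of 1644 1164 chrome.exe 97
PID 1164 wrote to memory of 1644 1164 chrome.exe 97
PID 1164 wrote to memory of 2424 1164 chrome.exe 98
PID 1164 wrote to memory of 1564 1164 chrome.exe 99
"""

# pid -> (parent pid, image name); insertion order follows the report.
PROCESSES = {
    4616: (0, "AnyDesk.exe"),
    3344: (4616, "AnyDesk.exe"),
    4840: (4616, "AnyDesk.exe"),
    1164: (0, "chrome.exe"),
    4248: (1164, "chrome.exe"),
    1644: (1164, "chrome.exe"),
    2424: (1164, "chrome.exe"),
    1564: (1164, "chrome.exe"),
    1032: (0, "elevation_service.exe"),
}

# Table columns: description | pid | Process | procid_target
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)\s+(\d+)\s+(\S+)\s+(\d+)$")


def parse_wpm(text):
    """Count (writer pid, target pid, writer image) edges in the table text."""
    edges = Counter()
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if not m:
            continue
        writer, target, pid_col, image, _procid_target = m.groups()
        if writer != pid_col:
            raise ValueError(f"description and pid column disagree: {line!r}")
        edges[(int(writer), int(target), image)] += 1
    return edges


def is_descendant(pid, ancestor, processes):
    """True if `ancestor` is somewhere on the parent chain of `pid`."""
    seen = set()
    while pid in processes and pid not in seen:
        seen.add(pid)
        pid = processes[pid][0]
        if pid == ancestor:
            return True
    return False


def foreign_writes(edges, processes):
    """Edges whose target is not a direct child of the writer.

    A parent writing into a child it just created is normal bootstrapping;
    a write into any other process is the pattern to investigate as injection.
    """
    suspicious = []
    for writer, target, image in edges:
        parent = processes.get(target, (None, None))[0]
        if parent != writer:
            suspicious.append((writer, target, image))
    return sorted(suspicious)


def render_tree(processes, parent=0, depth=0):
    """One line per process, children indented beneath their parent."""
    lines = []
    for pid, (ppid, image) in processes.items():
        if ppid == parent:
            lines.append("  " * depth + f"{pid} {image}")
            lines.extend(render_tree(processes, pid, depth + 1))
    return lines


if __name__ == "__main__":
    edges = parse_wpm(RAW_WPM)
    print("\n".join(render_tree(PROCESSES)))
    print("writes into non-children:", foreign_writes(edges, PROCESSES))
    print("chrome.exe under AnyDesk.exe?", is_descendant(1164, 4616, PROCESSES))
```

For this report `foreign_writes` returns an empty list and `is_descendant(1164, 4616, ...)` is False; feeding the same functions a report where a sample writes into a process it did not spawn produces the edge to investigate.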
Processes
PID 4616 (top level): "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
  signatures: Checks processor information in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
  PID 3344 (child of 4616): "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
    signatures: Suspicious behavior: EnumeratesProcesses
  PID 4840 (child of 4616): "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
    signatures: Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage
PID 1164 (top level): "C:\Program Files\Google\Chrome\Application\chrome.exe"
  signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  PID 4248 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5af8ab58,0x7ffd5af8ab68,0x7ffd5af8ab78
  PID 1644 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:2
  PID 2424 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:8
  PID 1564 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:8
  PID 908 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
  PID 4108 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
  PID 2668 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3648 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
  PID 3492 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4120 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
  PID 1940 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:8
  PID 1700 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:8
  PID 4048 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4600 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
  PID 4428 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5084 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
  PID 3364 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:8
  PID 1116 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:8
  PID 2396 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3276 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:8
  PID 4220 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4600 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
  PID 4664 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1956 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
  PID 1084 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1928 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses
  PID 3952 (child of 1164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2328 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
PID 1032 (top level): "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 810B
  MD5: 2ec50d1f2d6df1d4b65d043db8b5cce0
  SHA1: 232712098d1d05cce51fa88fdfa6df66cc69b806
  SHA256: 86e0c1d11790825ead5b387441b89f2fd781ec4d9ceb55ff89f28dde099edca4
  SHA512: 6cacd6aa2eea11118bace76cdfd684e57b28b5b5684ad0fe802cd35af10fdb42ebdb6026c2b883686cd72e3e2b5e1b74a195f0801002f42086530670753d25ba
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 7KB
  MD5: 47d44aa16d4faf54b35505e7d62d2665
  SHA1: 0faacb3f0ecb1ed079e295f2dee815773d34735d
  SHA256: 4c6a9b30254cfecb320c56f557829825769570b70d46cfc194d44333d6481ec6
  SHA512: 7ebbff8e1cd620f89cebdc04965e93454b348d5d2c5cec2aa7caab80546085dbff650189c7c9c382656abb7e488b2173f6f743c92062ab24cd2596dcec0e5804
- Filesize: 7KB
  MD5: 2725ba9d09d392fa9b2842b9999f9101
  SHA1: c4c8298124197629ed2de90d0f7475e34a5540d1
  SHA256: 19ecc1706c997e4bc01ff178641383a78e5865a81d666f5b60d9acb429e06c06
  SHA512: 62963cd771d349488e748883eef4785ea18dab26fa859dd751b1f4e0d8e34ffae804e18b60247896c85f34408e1d27640a4008c8ad374ee92953da0f4b5c0ef0
- Filesize: 335KB
  MD5: 1e72a7b81030ea9631780e44e062c5be
  SHA1: 756bf56df20d13339adcf390d44df0ef434c3bfe
  SHA256: ce6f26bb2cad6d5fa9e61bfb27c3885f074910025a2ca833476c892ac35c123c
  SHA512: 54e359d851def447c3ee5a08eee013fcd1ad6766d141f28a0979c3947079484f570096ad8db77803f448fa56a14dc2a2262a2056a3b3bb38e14ba2c7e998e64b
- Filesize: 291KB
  MD5: 6c185415bd46eeaa820ee75a2830eeab
  SHA1: dee2c6278d9cc1a7de33e0d9fe92fbd02bfc8108
  SHA256: 357ba54a067e91f9c90ecf527cfe25a109318408ea1b6a640ac8c521b368421a
  SHA512: 4e9f26cbbf7e353d6f3bf799563aa6f01b6312ea48d44d29cd9bda9779c6f949878f49e17f855b0fca0d8b17796da28f415babdbd0b0bd3762b46254ccaa1d94
- Filesize: 257KB
  MD5: 484be5cdd616d1fc70482bd518a8876d
  SHA1: 156103d0f5faafe3e1882f20fd27551767e1753e
  SHA256: d9913ff3c5aea4805d4c68b18308bc2a6400643305fb34b8545bc5603126bdf8
  SHA512: 2652dc393ba0458c2478bced195b57186f07ceb40a9436355ddd0917fd0a782b9451e86a90f6afb3471da882f293f03e3e0acf6c66a46007882fe8e38ffc8d41
- Filesize: 257KB
  MD5: 41e31bb85e1b5db271a60f55f9f4e458
  SHA1: 5325f32ce5e9144e3b4171b6d5b5f0f91147448f
  SHA256: ef7da3c1ef4b24bdac0f3e48445cea1a6efd24a36c222855579499d2f6b1cca2
  SHA512: 972d99003532c5c2711841b2692a5e3ffdb13302e56b36d3f24ddf72cc248025806eb7bc5fba4dc718a3191c1cd7d0c577f9a38ec7504bdd81d71111f60d0291
- Filesize: 91KB
  MD5: c2b4fb00b9e760beac5a09441686364c
  SHA1: 56a69f591a80f23ff748b01d807253748526c34d
  SHA256: 1a4789d5028d094553d53a8b1c6a24f89ed4ab1f4141041a1b483c02e0ac60e1
  SHA512: 6fab06b73f4c930a5e588444655aed2e3008e70bfa8f2cc132d44787066480c93f5911cce58c41f1da71fd1a4ab255090f701497ed4c0fde08515964946949f2
- Filesize: 88KB
  MD5: 30abc319c8c4b9d4838943db8e33d0ab
  SHA1: 1706ecb7336509a1f45c6c36ac2aee5dce7d739c
  SHA256: 7114085eece65345899e860534b86a5823bb8c14ea5ebdd4d0bbb81127667abb
  SHA512: 1d314365a276b074a8bb7a8a2a6571ff4f16da3204c6589ed52466971f49475b239a8280f6f2a9846b30819de422bbb3d20893d451c478cc0315aa644554b1f8
- Filesize: 264KB
  MD5: c25a64396b3f7cfa2bf579e8e965da11
  SHA1: 12ffa25bced72389613e17f03896453adeb5c4d4
  SHA256: 1ef737175cfa872efaa6de7e1482cd525596a2149c6972efece77d7b24919abb
  SHA512: 161a3ef67a1ab6afa7adfad4e9624a94f41e1a119b063f9d75b5e5adeee5c8ca2e267f566243933f08a17628705c39b83b120a45dd63019eb6eb150f95351d5c
- Filesize: 10KB
  MD5: 95184259d553e7e4d523fb9aa7ef1bee
  SHA1: 33a7d3dd29f2d270ccf34bf5e1a06c87aa0a6a0d
  SHA256: 5bf5186221f047b43504d8c60113dbf46bef0fb9fabba6ded010b7036165807d
  SHA512: 2811c49be405652896fed78d0c5f13066f33c2ad5c635224fc6d0140cd0b4c81ca477819f4193557f16f36ecd7c2e0756d17c679e9036dad3e21616ead638bc6
- Filesize: 2KB
  MD5: 02175d4e5484afe77482cb9313d8c843
  SHA1: c8b2fb368453264df5969341010da30ea84e76b8
  SHA256: 28ae606b68829c5d0da8cf359e0f5d9f91e535ad005d90519993c5ef7eefd943
  SHA512: 8c07250a97840bb60ede44895e3c92d88822a12cdfc1e8fb65d471a4dde6f2835d0f34079fbdff05d2a4aad26a24d24c168adfacdb7b781631781eaa883f22c5
- Filesize: 312B
  MD5: 0c04ad1083dc5c7c45e3ee2cd344ae38
  SHA1: f1cf190f8ca93000e56d49732e9e827e2554c46f
  SHA256: 6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0
  SHA512: 6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492
- Filesize: 424B
  MD5: 72434710ea8dafbce7ce1b70485665fd
  SHA1: e2014b5b45efcd73b6b37bca079b7d131596d90d
  SHA256: 59607db669b08753174bc92c123c5297c171ab892e7768c662c438fd4c877b9c
  SHA512: afe399dc1311f86012f05ae0770611e0f8f33bfcf8aa9f32024de6ebfd2691dd36aabd554eaaea39831b206cd6ee1c05a0c27e9fc1be25ae501c9c47bf5f852d
- Filesize: 424B
  MD5: bfa4396a3c60f2977efae17a23097770
  SHA1: 1deffc56b8a31c2ec13448a34915d199fbc2efda
  SHA256: 61f6d33e0a1651498931c49fda679c3fc834d1bfe16a03c32b4b46ef9b6ead1c
  SHA512: 0ccc528c2484d18f18cc0a9949d3872006000fdc4e38eb414e742f9e8d58d119833c272e9eeec7e71e42de346d1e247bd1f189ec0532184207a1b19499df2833
- Filesize: 1KB
  MD5: 0b467ac63038a1a47c8ab16cb5f5a659
  SHA1: d18e75e6f75f03eb106c209de7d7e30532db4981
  SHA256: f8b0aa017248333c42369702d671fa289f5559b8f604df84ef20689cd61c0406
  SHA512: a7c4892b5ddc0a1fec7dc051e01f19f8c2f00039b1d0e61352694683fd096d4420f6ae9fe65e7d01c5baec99bb755aadf707cb48a89de077f601fc281a19cfc4
- Filesize: 1KB
  MD5: ecabe4025ba0be7f4c781977f2d288b3
  SHA1: a7679b4414a07b09f38880a78b58fef51c871bed
  SHA256: 8e5075df1fcb1bdf6eb68a517b319539a1f7c4675a0564bef33f099372e80a81
  SHA512: bff8de3d9a863941451e859c53e8a418129927fc981e84dbf75052661372926693fa60d4538caa44b1b281a4e83e4e6ac5a541b7ef462c9f3fbe79dbb3915bd6
- Filesize: 1KB
  MD5: f713e3cbfc35c67d0674c32c7cd5c52b
  SHA1: 964ae4f5a627327914cd29560e035e4e600878a9
  SHA256: a3b4b1eb32b0c05f67d62c3b3d6a0f0bcf49e848f24d778cf7391044bd15b844
  SHA512: 91c8d0790ce4cd5d7ee6a19b57ea5b52b2d680a0af4022bb983a1473d91890dea55681ed9205faaaf21ae969c8d1da0d62b5552cbdbb22e3cacdc5c3453bf1ea
- Filesize: 1KB
  MD5: a1effab005d3b415fa0d44623bc24af3
  SHA1: 41df9be17bf6207955c6d29c2a3d0ce347d1d93e
  SHA256: 5810e700b785dbb6b64fb47269263ca94380204f63d7db687badc23325e58e47
  SHA512: 88850ad0ca636e84ce85a2e56e1d2b331300c365237e36a40e9d74c6648b550827f59e4a91ac23c6fee19d90384ddfb095533a67dad4207cf102cd0497224f4e
- Filesize: 1KB
  MD5: 97a603043107f9b7570cf35f9f480c50
  SHA1: d2dab47197a31e2716110a735148b6f842f5fa43
  SHA256: 11f4eabe2695d595a7de4ca49c5798316910db35462c6d3b6e19300c093da8ce
  SHA512: f5a86efdb5235fb8fc0d7197c27c86fe728fbbfbafedf584012a99397512e0f3b32f0c11ed14a86eb8c4663c10b6e9b30e29418e50c5ae2a291034a54f5388bc
- Filesize: 1KB
  MD5: 3ca5af0a3d5ba0865659ef32c0f40414
  SHA1: b1832cd57aa6af7a5eff71aaf066c6a532fe3cfd
  SHA256: 3910a7d4ebe6ef36096a78857090074d88e0c958268a94ee32dbb2838f2143bd
  SHA512: f1d5fce3cf80e0cef30304fe783bd84c24cbda3234c9ad3dda2c392f12ea9f9cf011c810f77afe425e8970a6b1333df589c465e267a8e741ea19a465980b8089
- Filesize: 1KB
  MD5: 261cae9718069da1604543db326660a2
  SHA1: 571f5ae15f02426c87cdd76d63c9a86e2aa5e20d
  SHA256: bd55ab7a61041bcd44d0d7c84265e3e04dafe4533a5d97c2a825c8c73b7a0a75
  SHA512: f8ba8c2892a41f9b9cd548977d5b62646f4d0ea6ccb1b37bea20ef7e7d65dde26b1bc85efcb226dcd43d71c991db0815144b3239e0f2975af95e95c1d259c67e
- Filesize: 1KB
  MD5: 90164f1a9fe2bef848623cdacc83d90b
  SHA1: b370f78768ea585bafc4d6923639bcd3156f509e
  SHA256: db6834322dcb7fbf90d1fc8b4ec2b9a1bcbef125e47d16aafefbe21c14e18dbd
  SHA512: c9832eb5039eaa78cdec19c2644d845e2805bb375ed13ef932638978a94d5cf58b9c7325fc384d351f966657195b8ecaf456d0bb7be67f9f74446c6c26427095
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
  Filesize: 3KB
  MD5: 85149c24a14bb5b6af71ff4019b61f1f
  SHA1: cb5c153a3e54da02fdeca90b77f0e5d1eb103e2a
  SHA256: 1b70df4a3982a02f0fa04a60160f2e316a9b67dfac34a92254a1b6403d138e7b
  SHA512: 1d0da8c3e3d6b5fd2882b3b2957816f6fb441e2d1785a23272fd23ad70faf47d93e4118c1d27948a89626bb5344aeb760fdf125f6097e6e0d147ef8e9bd4e597
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
  Filesize: 3KB
  MD5: 3ebd6e350911ef4eb27079a1b9c9078a
  SHA1: 344235371f0034b21fe6ae2e72c9df3c29b556ed
  SHA256: c0ee4116794ab5f83dd3d6837e3c52fae57c857e2f9c591bef46029a7027b2c2
  SHA512: 583c16ece6a1692a307d604db5f9d229c694a0a1b806f28ae3fd441df2d937c868f5609dc3a7c6794f37c9276defa9ae3be67e27eea28c4ad90b6ec33aa02d39
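Most dropped-file entries above carry hashes but no path, so the quickest triage is to hash a catalogue of contents that browsers and installers write as empty state files and see which entries fall out: the 2-byte entry, for instance, has the MD5/SHA-1/SHA-256 of the two characters "[]" (an empty JSON array). The following added example (not code from the sandbox or from AnyDesk or Chrome) does that matching and also verifies a file on disk against a record. RECORDS copies the two byte-sized entries from the list above (the "7KB"-style sizes cannot be matched exactly, so they are left out); the KNOWN_TRIVIAL catalogue is this example's own assumption, and SSDEEP is not checked because the standard library has no implementation of it.

```python
"""Match dropped-file hash records against known trivial contents and verify
a file's digests against a record.

Added example, not part of the sandbox report. RECORDS copies two entries from
the report's Downloads section; KNOWN_TRIVIAL is this example's own catalogue.
"""
import hashlib

RECORDS = [
    {"size": 810,
     "md5": "2ec50d1f2d6df1d4b65d043db8b5cce0",
     "sha1": "232712098d1d05cce51fa88fdfa6df66cc69b806",
     "sha256": "86e0c1d11790825ead5b387441b89f2fd781ec4d9ceb55ff89f28dde099edca4"},
    {"size": 2,
     "md5": "d751713988987e9331980363e24189ce",
     "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"},
]

# Contents routinely written as empty state files (constructed catalogue;
# extend it with whatever your own environment is known to drop).
KNOWN_TRIVIAL = {
    b"": "empty file",
    b"[]": "empty JSON array",
    b"{}": "empty JSON object",
    b"\r\n": "bare CRLF",
}

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def digests(data):
    """Size and hex digests of a byte string, using the report's field names."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def malformed_fields(record):
    """Hash fields whose value is not lowercase hex of the expected length."""
    bad = []
    for name, length in HEX_LEN.items():
        value = record.get(name)
        if value is None:
            continue
        if len(value) != length or any(c not in "0123456789abcdef" for c in value):
            bad.append(name)
    return bad


def verify_bytes(data, record):
    """Fields of `record` that disagree with the digests of `data` (empty list = match)."""
    actual = digests(data)
    return [k for k in ("size", "md5", "sha1", "sha256", "sha512")
            if k in record and record[k] != actual[k]]


def verify_file(path, record):
    """Same check for a file on disk, e.g. a dropped file pulled from the sandbox."""
    with open(path, "rb") as fh:
        return verify_bytes(fh.read(), record)


def identify_trivial(records, catalogue=KNOWN_TRIVIAL):
    """Catalogue label for each record whose size, MD5 and SHA-256 all match, else None."""
    index = {}
    for data, label in catalogue.items():
        d = digests(data)
        index[(d["size"], d["md5"], d["sha256"])] = label
    return [index.get((r["size"], r["md5"], r["sha256"])) for r in records]


if __name__ == "__main__":
    for rec, label in zip(RECORDS, identify_trivial(RECORDS)):
        print(rec["size"], rec["sha256"][:16], "->", label or "unknown content, inspect")
```

Matching on size plus two independent digests keeps a catalogue collision from mislabelling a file; anything that comes back as None still needs to be pulled from the sandbox and looked at.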