fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca

Analysis

max time kernel
324s
max time network
326s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18-01-2025 17:38

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.3MB
MD5

0a269c555e15783351e02629502bf141
SHA1

8fefa361e9b5bce4af0090093f51bcd02892b25d
SHA256

fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca
SHA512

b1784109f01d004f2f618e91695fc4ab9e64989cdedc39941cb1a4e7fed9032e096190269f3baefa590cc98552af5824d0f447a03213e4ae07cf55214758725a
SSDEEP

98304:Uc9HTcGO0ImBimas54Ub5ixTStxZi/l9K0+zLVasSe4JnzMpm+Gq:UcpYGO0IOqs57bUwxG9CVaskJIYE

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	melter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133816955383760774"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "183"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3587106988-279496464-3440778474-1000\{AF63C14E-14DC-49F0-BAB6-EA7EDFF0038B}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\virus-stuff-main.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4840	chrome.exe
4840	chrome.exe
916	msedge.exe
916	msedge.exe
3088	msedge.exe
3088	msedge.exe
3084	identity_helper.exe
3084	identity_helper.exe
4168	msedge.exe
4168	msedge.exe
4332	msedge.exe
4332	msedge.exe
3272	chrome.exe
3272	chrome.exe
5460	msedge.exe
5460	msedge.exe
5460	msedge.exe
5460	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3088	msedge.exe
3088	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3572	AnyDesk.exe
3572	AnyDesk.exe
3572	AnyDesk.exe
3572	AnyDesk.exe
3572	AnyDesk.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
3572	AnyDesk.exe
3572	AnyDesk.exe
4840	chrome.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe

Suspicious use of SendNotifyMessage 46 IoCs

pid	Process
3572	AnyDesk.exe
3572	AnyDesk.exe
3572	AnyDesk.exe
3572	AnyDesk.exe
3572	AnyDesk.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
3572	AnyDesk.exe
3572	AnyDesk.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
2396	SndVol.exe
2396	SndVol.exe
2396	SndVol.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5260	PickerHost.exe
5436	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 236	3996	AnyDesk.exe	79
PID 3996 wrote to memory of 236	3996	AnyDesk.exe	79
PID 3996 wrote to memory of 236	3996	AnyDesk.exe	79
PID 3996 wrote to memory of 3572	3996	AnyDesk.exe	80
PID 3996 wrote to memory of 3572	3996	AnyDesk.exe	80
PID 3996 wrote to memory of 3572	3996	AnyDesk.exe	80
PID 4840 wrote to memory of 3792	4840	chrome.exe	85
PID 4840 wrote to memory of 3792	4840	chrome.exe	85
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 4652	4840	chrome.exe	86
PID 4840 wrote to memory of 2860	4840	chrome.exe	87
PID 4840 wrote to memory of 2860	4840	chrome.exe	87
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88
PID 4840 wrote to memory of 2748	4840	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - System Location Discovery: System Language Discovery
  PID:236
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffe9dbfcc40,0x7ffe9dbfcc4c,0x7ffe9dbfcc58
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1652,i,1270456444508580450,8375812347847163185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1648 /prefetch:2
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,1270456444508580450,8375812347847163185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,1270456444508580450,8375812347847163185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2148 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,1270456444508580450,8375812347847163185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,1270456444508580450,8375812347847163185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,1270456444508580450,8375812347847163185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,1270456444508580450,8375812347847163185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,1270456444508580450,8375812347847163185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4328,i,1270456444508580450,8375812347847163185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4288 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,1270456444508580450,8375812347847163185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4600,i,1270456444508580450,8375812347847163185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5176,i,1270456444508580450,8375812347847163185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5308,i,1270456444508580450,8375812347847163185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5356 /prefetch:2
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5424,i,1270456444508580450,8375812347847163185,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4512

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:736

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffea0433cb8,0x7ffea0433cc8,0x7ffea0433cd8
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1324 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4628 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,5464203439837354367,6767728713377621871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2124

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1196

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_virus-stuff-main.zip\virus-stuff-main\hamburger.vbs"
1⤵
PID:644

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_virus-stuff-main.zip\virus-stuff-main\rickroll.vbs"
1⤵
PID:3568
- C:\Windows\System32\SndVol.exe
  "C:\Windows\System32\SndVol.exe"
  2⤵
  - Suspicious use of SendNotifyMessage
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:3272
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9dbfcc40,0x7ffe9dbfcc4c,0x7ffe9dbfcc58
    3⤵
    PID:3104
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,9456977771797803346,6512952106163175251,262144 --variations-seed-version=20250117-130131.443000 --mojo-platform-channel-handle=1968 /prefetch:2
    3⤵
    PID:3688
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,9456977771797803346,6512952106163175251,262144 --variations-seed-version=20250117-130131.443000 --mojo-platform-channel-handle=2004 /prefetch:3
    3⤵
    PID:4408
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1924,i,9456977771797803346,6512952106163175251,262144 --variations-seed-version=20250117-130131.443000 --mojo-platform-channel-handle=2292 /prefetch:8
    3⤵
    PID:1912
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,9456977771797803346,6512952106163175251,262144 --variations-seed-version=20250117-130131.443000 --mojo-platform-channel-handle=3132 /prefetch:1
    3⤵
    PID:4460
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,9456977771797803346,6512952106163175251,262144 --variations-seed-version=20250117-130131.443000 --mojo-platform-channel-handle=3164 /prefetch:1
    3⤵
    PID:1892
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3584,i,9456977771797803346,6512952106163175251,262144 --variations-seed-version=20250117-130131.443000 --mojo-platform-channel-handle=3536 /prefetch:1
    3⤵
    PID:4976
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4628,i,9456977771797803346,6512952106163175251,262144 --variations-seed-version=20250117-130131.443000 --mojo-platform-channel-handle=4612 /prefetch:8
    3⤵
    PID:5292
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4288,i,9456977771797803346,6512952106163175251,262144 --variations-seed-version=20250117-130131.443000 --mojo-platform-channel-handle=4640 /prefetch:8
    3⤵
    - Modifies registry class
    PID:5428
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5352,i,9456977771797803346,6512952106163175251,262144 --variations-seed-version=20250117-130131.443000 --mojo-platform-channel-handle=5336 /prefetch:8
    3⤵
    PID:5632
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5144,i,9456977771797803346,6512952106163175251,262144 --variations-seed-version=20250117-130131.443000 --mojo-platform-channel-handle=5152 /prefetch:8
    3⤵
    PID:5700

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004CC
1⤵
PID:4020

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4976

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_virus-stuff-main.zip\virus-stuff-main\start.cmd" "
1⤵
PID:5528

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_virus-stuff-main.zip\virus-stuff-main\shutdown.vbs"
1⤵
PID:1496
- C:\Windows\System32\shutdown.exe
  "C:\Windows\System32\shutdown.exe" -s -t 60
  2⤵
  PID:3404

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5260

C:\Users\Admin\AppData\Local\Temp\Temp1_virus-stuff-main.zip\virus-stuff-main\melter.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_virus-stuff-main.zip\virus-stuff-main\melter.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4076

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39c4855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
11d253b3a6f1f94b363fcb04e607acd2

SHA1
9917081d96e0d89a6c6997cc2d4aad6366ecfcbc

SHA256
20152f2fc1ca7717b9b858435b3658ce0879f28944bf822210e5ac5e148cc7ff

SHA512
101086c8c2805dcb8bb4e2a3c979574fea1cf0268859804c350f05a85945216de51bce90981a11d08c9a7043efee5130ede5c5a376cd86707dcc90c0e4f45334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
b4427802adccf3f470470ddebbde18aa

SHA1
d9a952d85451499bad724584ab43acb700060c82

SHA256
abe3733b9fe5a0cef8a940cf237f79d428f3f442c07ba262f96b59d08a567a86

SHA512
cddb4e713faa15e87444b7c6fa0ade3dd2f9679c937a7351c21eaf8714e4f557248e5c271c1f741e2880a6685e7ac21231897f1136dd482cc9513d4e09311aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
003e79756a1d5e415e77cc1a6097a0dd

SHA1
060035777a24e1537a2de05161d8d4fc85e90a21

SHA256
b499ea802e2c8eafd109061da399d7d8e266730b30232f940e1e566af544a345

SHA512
7c39837bf587cda238593c2d46f44f3831d79b0933b6d2fc2b3329dd13f7a43449d882e0446c1ead26fe343d933de4115443f9e7f581b36e45ca62268bb9487d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
0b8ed53fd014b184d85a4addbf145f88

SHA1
83d20848b2395cabd8c40b7788c1dfd419f4a971

SHA256
367d8a1a09038d947669a5a60549877f76d6308e52cc26a466d44b42595626f6

SHA512
96391fe621737f8a95c6ef203534245ee6afcbcb60ab2359164153024516358409cef84028d3cd0f281311297c73a4cb04f69b99531eb56e42581bb6077e2933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
ab9b0685c1855f97f07505b40e769ec4

SHA1
90a279f3ea674369857d6177409c1b1a536408f6

SHA256
2b7a23e47543af5af5175177907a7e0a6da7fc6db3b5a9e259c4fef16a8cbf1c

SHA512
5c4e64042e20c1ed7d01510cfc547b83b1c2cd3f9cc9c78469eacad36eab142ba985c05b4c7bdda59cbc9ced49e2c6696bdbbda440efe68635917e91e2b6812c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8e863ba2e73053d475b8bfeadbc70fc3

SHA1
6c80ab7a9b493e2a110d4397d6b1f435ea9da70c

SHA256
e912cd9f44865d3868662eec967affcd1cf4b9556e8f3fa3c2a07de31db527fb

SHA512
0e930f44f041130e456f158dd0806bbf4cd6b9cb4c24ba456799c247b04ddd4a8597fb5dd46b869b1308e09c0d43878587ad959d788e70e93a3e31f420d98710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
65fdde3460914b8e602f61e16bd907e7

SHA1
440654e855ede48aaf25ae700e01ad54b3ae5a31

SHA256
ae87a1524a5c7fac0f87baec9d051e540f47550ab8beb3530ed92a25176519ff

SHA512
5ef7ef899f94144517afe1b6e15c368db8d5359ad4c8e0b5a33b24cdc72bf8afc81b069e1051782fbf353005d81dd4e2a47bddb3da5be9dc4c3ee190ecf639c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3852924ad745bd96a55aa34323c3e93d

SHA1
1cc4c205d6c341642ea446b701ddc581979a9d55

SHA256
2e7bff472084c1987f785b72f28a9cca5ca9ea1e9eb8333f6b1c58672d84b7b8

SHA512
771f3a388f153c70de26e902480b41db9fd2f52103a2f4559a2b3d800202b33eee1c8b3bcdd987dcfb83f508c39a1e195ac06844b9f00df9bcc9ed5cccd451b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
6e96f8198d162934b8aeef1c7d83daf2

SHA1
5e994ffb383204251d5b30f3ec245a8339c90577

SHA256
9f08d1d049d13c3769229b08cc1c18f66ffa20fbadb69ea4dc691df7c001c07a

SHA512
ebfbc897fe68591c067022097e982ac27e01a22638c4b6466809bd5ae6fa6d43e1422132954e2d5a2dca9afbe591c08743c2df2a463ca44601aea36f5a4653e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c9b0ec3e57bdd81233e0cbc345630ebf

SHA1
88a5d15bb744a330e3d0d7e148c9e95ee788d4fc

SHA256
a9a6791cedee8f6d757bddeacf8021e40b1670c5a25aa0df104c908d87818b02

SHA512
e3616e9602017fa01f46a2d2e1bfc41b1baa737f823a6c1831ccf0f938600828cc784569c3195624fab6e7db37b5cdda1ddea57cf30fee526065a96cfe1d49ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2e241906bf718b9a0713e1d7ec32ade4

SHA1
e3040e505cd86b235a4a8a482d7488d60c76206c

SHA256
29b3f4653aa9781b91c7840d8edbd2b225b8d3b8eaa557dd3ce05e7d74c0baef

SHA512
88a4fdbc1d25016816afd9bd13a54ec5844ea3d8f053a8abc87e5530f0537d5bc0f2946a9b38920bf658a270c036f4136ca1525a816d19881b5fd23fdfd7e59e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cca6bcd523642e8a8e810db26a05aba2

SHA1
bb0808ecd65890a5bb05d03c6dd39c7ce70e7a29

SHA256
6ff6b8c8d6f20b82ec644f9b903fac1653912895220458b5c9957dd3eaca6d91

SHA512
cca0e1a20eb3096ae48f47f555ad374f0037e177cabea9c0668bc4ef31a71ab1ac764a61d4981f598f9ac1d47005597a4f0713a2bc72508d45b9136a164c4e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c098684220be2b1ff3343d067d27c9cf

SHA1
161ad51d881fc2d8f3eeb798ee654b5216511c24

SHA256
ae55189caab04c0d0487a6c7054a73c8fa45465f0f7cd1fcc9876b656b078a1f

SHA512
d5c3f7a56dd826df93fe6827e6677492dd8d15c58fd207e81e7744cc7677ec22a3334a885c135d2a02c6f43cca01a98df84ed0a5edfb3b1f4c1642f668742ac6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba40003524187749467123aaf3146020

SHA1
56873a14a1aa8aa897f0d5596c764ce19803dcc0

SHA256
54ecc7cdc929fa8018e6a65589a98c66b978a23942ff3a96a93d7a7aa824fef5

SHA512
cf805cb0acacb188eed55fcc52e2901d81826240d455b916ceef1d5229ec5625de607f05c182975201f03e86c6bd2620fb3ce807d6de8b7e55b2222d2c7f73a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
23fccce8748fbca6964d441213878032

SHA1
c8153bb8d71b171d344446d67e744b160428523e

SHA256
10703fc1417857eca7f6b3711a6f8aa8a9029cb3080fcee759412ccf894a9614

SHA512
256f9fbd77855e5aa16175fd6dba4c4c96cff9457a81b687590f46ab41ab1248ea262243e076d345af58cc9d04bfbdb88281c853f0b2ebdd89f70a3d4ddfe1bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8c803215d717e7bc43a0a45987465f2

SHA1
1b9dd355a00bb49c53815c0325269c521e60784b

SHA256
d2a7f310cdf758958ea13e74cee3bab610a66a2eacf68e33e54a343d93f4cb83

SHA512
eda5a88d2adfba2efe6941a1c6247e2f361da30ec83a163cdcc4d97809d981460b09134f23a9e3535cdf0dc7d0c77ece86115ad204021d93518eb984f6f3bd31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4ba8c8ace774ed9f5761c2ce8180cf1b

SHA1
c63f0f93a12d6ac42c6b406f8e089313a2bde797

SHA256
b7dde45c6c9daf92b424bcf2a7cc6241809412bff434186a37ed0b48adbd7ad5

SHA512
09538bb18570c3c882a2b4a250db9983df944cd106d23558cbf4ac01e06a952424bba5918cddbff07bdf1262bf17ae219e4064ef38d4ff6a53f1c06f44ce35db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3605109025bff84d62e086c68a594f2b

SHA1
94df33aa6e5a9ff2fdc988d50d0c314e2fc5b929

SHA256
d0f9250970095a22d95e4f1e67562b0a784c08bf37c587fdef8a3b9ed1a3b63d

SHA512
e92622063f8f0071d8e6ad0a66eabe0fce8dea965407fb0ccdbb2252b16be7f4839117404214b23437d851097a83a7c521708381135a6ecc1b69e42c6e130d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59d5d655-f80f-4944-b2eb-dafd141a53fb\index-dir\the-real-index

Filesize
2KB

MD5
b543ec02ad3beaa2b50efb63e0db7bba

SHA1
a175da0205ffa8ef31a950277a9b4abfd4598409

SHA256
0bb35c1764e2fab12c099938e9cc16f2824d9f12b920d0063096ba5a4bee29f9

SHA512
0ef85855df0582e34c93b918fd7c0e407e7bce4e35f5b500658fce1f86aa9de4591f33e8679b9d305096508e4149efecbfbbefccbdcc1b9c6b0a32b26a777fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59d5d655-f80f-4944-b2eb-dafd141a53fb\index-dir\the-real-index~RFe5a8aad.TMP

Filesize
48B

MD5
cee1dd4b329ac2dc1c90f679b90f0510

SHA1
add944c0bd4fae7f375260f7a992333de8c5e4a3

SHA256
e53b47077bba70225de6fb84664daf7691c9800fb0d8da629ec31397b1de1ad4

SHA512
d5d395818a9decd734a9397562ecbe705b0bc24cb7bfed471a0bf27bda88f7d0bd74296e07364407b71adcba3d901e58dc48cec8826f22f5f2f4ed485f130c9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
cc0e6e4780fe9437a5ce84b597a9241a

SHA1
a8ec5a862442833c5ee2d3b702102fe95d3bb1bc

SHA256
7738691fff23e23e8cab3f98867c5a52ffcc914c36e6e1c9940e868c8a65d766

SHA512
d679926888a743a3425a31d5d4d1bd7894ae66dd3ccab411831e567836b1c1aef9f2a92913d41e440ca24e91bf89d96f83764e99c884a3c8f1e46401fbd65269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
dcc79d30e0bc4ded342a395a3aec9584

SHA1
4e268ec71985c716ff24479c902c053af55b15d7

SHA256
f06d78d3870d15caf01d7d0aa5d4203c6821ebf7e1c62ecf273956e77dc80f56

SHA512
f91192588a1dc2e91d1c94310732dfaf5996c0becb604371894e84d21e2a5c559aeb5f872cc93ccab724508288445c59db5a5dc93759163760bdf9e5db738e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
c77f4ccdaafda9af8132b819148abf0d

SHA1
3698ef4ae5909c9eb2dd0ae4a299c4374308412f

SHA256
3ced504398ed85e1642b15d78be18141ad70a91be5e6f918585d0c6e6b1367f2

SHA512
14c693f545c3af33204b937e07572e433032328bded6064d3e10be21cecbe518ee177923862dab22c4fc1a73572d54f9bb03e24c3c3127f8ea247252cbd7454b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a6f17.TMP

Filesize
119B

MD5
b8d896de8e0f11a229c8166fe15bc623

SHA1
8fb413f4f20022f5874e2d76ffe6bfcca8dc618c

SHA256
a8849f6d2bc5829577f19727f485d5e4da2f1149a93bf8578b8a2641f7b754cc

SHA512
26f3450e75fd73f02c5e2c56a656892625b37939dd01011242d5d8d717a9334a90ad193bd92695addd4ef1a5ccc9f408b43cca5d431b976f5d1b35425ab1e36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
810d44e6e82528a3f67eaa2a0f62262e

SHA1
c7a60c6c1c026a94f5f453e9bc25d68c64c13d04

SHA256
241112cbf9c387923bc1b13ec06fc5852a6fbbcc12c4359ae0ff79ebcad85f9c

SHA512
f23839bc3328565aedca202aa83d2fa3b32c3052fe6cf1eec4d3adf3ec00498485240cf13caa9244c249a1a7b6512ed9024de1dbe0c2e88917e5bdeead5846db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0225a04c670d806f3f1db5b4c9516373

SHA1
c8de872fd01207dafe40407e6c14c7cf846eb071

SHA256
22d310dde4c7c057fe415fca453e1a59c78f3d508fa09e78f9f11c1eca554fa5

SHA512
b758d26e0f51e4ea806c0b2a5a0edbbd9d2ac2ab5d2f8e661be8f6e2130a249aed2d1cfebd4a4a4801f86a882baab1e20e6807559a3a9735c0c4b58811f0eb56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png

Filesize
1001B

MD5
9b4d2aa85bae2b94477371dba6544b2a

SHA1
4dd2d97aa25b2723a91016ee5b403619e7a4eb99

SHA256
3af45701fd97bc8ae6ae8e9f999d5d8b9d61a9a7914faf6518450f454e884223

SHA512
f6351c370d91a87a2b0abd8da8460e65a8149700beff2e819074004101133e750b1e60ecdf6ead73d1de19f37258e7853084d65c6adfeab8707c480d9caabc93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3272_1001837642\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3272_1001837642\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3272_161018036\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e5d72618-63ed-4649-9358-2a3b93105cff.tmp

Filesize
649B

MD5
9ad56f3873303ada5f9b436ff76581ef

SHA1
884c2b78e5dfa63e2d1c11cbf3ca394fa13b75a0

SHA256
631e1acf18174ae72e4f70b6c516a5448d018f2d2ef63c2610eaad8b11c13c18

SHA512
7df65a8bb8631ae73afa19659f5f2d9ed202d38e9a5fea6c4de209b0318e2180d41a2bf5eaa57daadd63f0793f95b2ccfc453582842df9db869fbaa263fec4d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
d5461864d8bf69d0251d1a525b999c19

SHA1
901cec8da878ef1aed383f83c6d6c95cbb419e3d

SHA256
115bd15687dac0d4b1ddf0866842306bc0566175c789658d7ae63f20103b8d32

SHA512
945f0c4d182d3065bf2a74679d571705b4bf428e8d680cc14d136d7619c0bc2ee3b7b663ff6df2c5da9c9e4504968e64c0c4ecccea03b498c4b86aa70efd367d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
305b82983c618e61a4a3ecaef98b09bb

SHA1
13213b664aa48ad57ee1e9c5e6116dec48ea6b05

SHA256
a42143cdd056e252a53e770ff75b565f3cda78f0b751b4f747f1a781d32cd477

SHA512
ca0fd4ee0dddd446c4903fa6a4342b5c1ed04b0cf5ce502570f569a5c5ee6540e6ce5393f6d60299ef119bd12c3b7328dae286df6f569ea17a22823dcfec0aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
26665a4c391a8b1631c73eed997ff110

SHA1
a0394e4abbf403918cd73d392c8f66cc8e82fa09

SHA256
df89439ca4454087474d6143011edfadf2b8830b6860a33a61e4394926dc0acd

SHA512
17d76db5555e12444c07e12a773f57a3e39087bde1a50cdba32d54828b0df537dc008af942ffb1e3bc4cd23a2fbc181c5c9044ce9575eed187a8928c82aa697c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
85b195fbfa7c7cbf3030da2a3c595b6b

SHA1
8779619f6a32b2801efe1836d5fc3441a92efc37

SHA256
e328cf3f8c5a3dfde679650952aca97858fe0e387dc43051605d7765b97f9726

SHA512
e669eb4356403082b0a471dd5cd18ed47336c999952cb3d1c3c398d9a200db6fd4c5a37cdcb07f337848a3c3af790782f0e2b32dfb1e987867c34a84bd3d4225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
2395ce5e2439840c44b994e048c86ef6

SHA1
266422a081e4b9edb291bd6ca79b8743659f8343

SHA256
6ad297a16081199e7ab32fffa7e6bc0f0096075317dd0931de1ca71fdb597089

SHA512
80c3a3ba8893a8ef176bc545a4ed9e205d57df180ef47d88cf278493d21d433518fc978a75260a866740ec8b091513fb86f394822da2e6bf781824367201f8f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
1b084e66bc7cbc085c50454897e49f57

SHA1
198c1bafcaad21cca7ec55f53a3c9347e94086b0

SHA256
6b2b6ad289f1c81a7061123bb312a07d4f0c7b4aef64c4065d492307368ed986

SHA512
dcc9a7b5e27cdb1d5782daf0172486c3d680792e8755a0bd031679a1f04194eb54112d868082c07b5398cfb513cf6ab9fcdbe61dd5ced8d823e3560c703aef4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6c8f08a4-c3fd-447a-adce-31bb99bb5f4b.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fc94687574cfc71c68579ebefadd6743

SHA1
858a8f8728417122d78c3227271c85338cbc84b0

SHA256
394ffe05c85fa22329cfe5b0e8019be272981f766fda99c5d3be0d032eb313c6

SHA512
02c02903f873c9657d34707e05379da2c9982a12e55e33626e40e30ae3cd0b0ee421a3da64a04bcdabb9c71afdb3897e80e29e4e214215917e2b142620fbf963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3d3acd02217f0e39a95bebd8a63e3e7a

SHA1
73785e709fdca1dfccb3284b4b5cf5e394700192

SHA256
bacdf558dc94ec7df90d156c32804732bbd71f64cf329b9fc59bfc2daf56941d

SHA512
55c5a1113fffd1b5f9fda3c4d803859ddea1b3ccef452572fd4eb73fb821769eaa4f402befc230af43dd5736f6ebe22d0f466bb936070c5d52d8168ce4d9909b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
865B

MD5
ed8a8f96e8c27667c5b9e25ea5e3d350

SHA1
6691563cc3dcdf312d239782aa0237282838b607

SHA256
d258846e195b07d7d78c492f1959569f0e407179d41ac692491e002313fac849

SHA512
7901ba3851b40978ca459d58bf638ad287a6e888d1e586c0d07db5a46f87d5227419bb765881f8b857682805b83e7139e58d7f671fd259afe24323e4727c1620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58f94780fedbcdc788815cb290ec539e

SHA1
42989e6cfcd2717ed37dd54c73f3c4b323fd8091

SHA256
4a720a89ef7f8152435442db7adf8a4f6b0372166cde53dec2fd2c8f3f8acd85

SHA512
c00f2fb2248b68f9c9ac1a90c348e57bf377c88bf0c74c0991ed79bfebac377aee4359d74b6e828c06113309e74aa30a81b733411fedaff0d03f54767d6d5055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9bbc0efbfd2df0c43ca567a8175fd2d1

SHA1
96ee6822e0aa22f241586fcace746d10e8919594

SHA256
79626546dbf0587a38e8008d9f8e851a07d45f6389344e88bc3b1171a0316a9a

SHA512
e2f462eab2e5575fd6b48ced55301412bf9808e7d5c313efb10e1c5875a149fcea01189c98f26081cf568b2e9aa45e96a62b1c31bbec5797d4494c7c47710388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
619d3733461b584eae52e8ae0ab7d65f

SHA1
e296e4edab2554a91182ee671d321bfeee80f89e

SHA256
c1cc7a7d29b64e944d35cf5290cb8a52ea695f54c43b9b084015837169662df4

SHA512
0ba760ef4cee2a3f0ceb78c7a074be3b134202e5085d7d576a7fcb2c436d01826b0df02c8c0cac650ad0170eb0b2583035d1aa78fb7d65e250657dc6421681cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e5229305db29a0ba0837d0c6b803afa

SHA1
4c6ef57a8bc43d0c1b369638e4b528b93bce6805

SHA256
521972efd385bc7a8b091064a70cbdb18eb2ce93244d5ca7ec3c3f5eab5e9a2f

SHA512
db7757707f852aefddeac2f288ddd7c40b07e0bc4a82f4270c4ae33b0d018bd769fbf67a1856c6bbba893b0c398938d67e8218b7ae5e4ff9c5c62b457a87e74d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
037d9837645823fea54d75fac9de59fe

SHA1
1c3405e260aa6005e286359a9367e22adab54274

SHA256
647497d9fc881939b44c218deec80fb0633a15f778f7cf6e0dee41757a2c1fcd

SHA512
be3f12a52650a215e1049ddbec720b83c11bd76ba7e15a1471480e990936aa935f5c3b72c643d4f0094f42108749ab3164e4eb7670c10c8cf3b54b5c6415fe56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
83904f54159fea23da46bf65c26483d8

SHA1
1644efed91bc01308429717117ea291bc69370fa

SHA256
8c40aa0d539f51fee90ccbeb9b56842d7b126cba51a43efe5fc14339bea031a0

SHA512
3bb06f0aecc1013adc49e721e9319c75c35052fede6b4c128a885a2a3740a614aec027db196fd72cc73fcfeafe8ec61831beddc2da94a9c8a359983f1b4b14d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59911b.TMP

Filesize
536B

MD5
d9c4d50de8a1adf5478afe6574167c4f

SHA1
fcbe1145750464c615aa991827f9bf76e3b0ade6

SHA256
d1dc28eba1b3a7924f88732ebafbb6a7517cd50c7d5aa5362263157d7371a9ba

SHA512
70062ced8e559e009c09bfaca4488275972c5b768cc82c216759a3c8bafd770cb0491fdcb2d9bf921fbf7fff69d3d079f87d7c1d1b96530adc2965c45e5b0055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
34719bd7250291bced7d89f463ed3989

SHA1
8f1a556c34054659fb4adce66c45bed453d19b3f

SHA256
1834c37f8cb782efce8cfa0a3b0c43d72135f9095eafcd932fa3548cc8f47a12

SHA512
b1fc600c6f594fa507c1262636e97bbcc9fd9e3e263a7d6de9f209114a25a0ce8e864bb5206b21d87b576fadebea4ff977bf3cbcd2dc14de18ff7ece774af3eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
513c755f4515daf9b68df225c5807701

SHA1
7d4e9918cdf7cc276745096e2b4327835c6b907c

SHA256
dc89a90d2f9096cb9a89c1c4c747c37fe2fa82c550c2723e4fc2b63f43b88dbf

SHA512
5035377ee96e48ae96c8729c929a3cc71abacb7954071548e67cbf4d3300fa7a2584bee651196bc090e705a37f5a34ba2832331322bfaf14675dd450d87336f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4840_1442572416\1dff67cc-0388-410d-a0f7-4761b9bbc540.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4840_1442572416\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
8KB

MD5
c8b2f2a596907a6aef3dda59c7fdcd26

SHA1
a3f30c8e830ba431a30a79ebfa5f6bff3c618ea3

SHA256
5006ecbb944d022f6b6be1d2f8862dc4b0ef8bb17183ff34b968ca94237a45de

SHA512
9372d4dfc7899628cb1d1d03cf3d22d202a30d133f49a9ac494e0da1bf93690f7c2d3cb3c8ae9201d03bc87ce19016789d8dee15e0f1c573e3984192655fe87c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
34af1723f77362f087f8abe4c2341679

SHA1
4bcccd957c64d0c1f3e30bdef237efe309630078

SHA256
7fd31108db27336ed24a933928abd22c8e8ec5e5637fc3d5553a000693594303

SHA512
80593501b5aa61530e932fa311e6f7c95d394fffaee3b1c473cdebdb509ac23a728006d9e6a4d99aa45b0ba9e202302dd11440819dd3956254685803f82fc8ea

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
765B

MD5
7aefe82adf886baeb27c29fee126a450

SHA1
7bfc2b3e42620166287a1b35caa46d7dbf48de7a

SHA256
9992a70d36ffc0fdb14466cf6268969614f43884f35a731fcdc8f51836a89128

SHA512
0f4dc9e1c01f9ac8542f472bb3d19d396ebcd82639e3e336baf1312a3a486fa4e97d0eec93d34ead1f3aeec990fcbc9add865d19f0c4479c947e1bf0b89d5730

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
822B

MD5
09ec5cddfefa595edec839815b6072de

SHA1
b07e3a85fb4e8f97f3979810efe30571c2e2a1a7

SHA256
0a7585bd7d9ca16bed85ed9d0bef04fc0bae196b3c75ec365db8baaa8e4eab98

SHA512
bf7c079c25c6479c1f53993a46e3858f1386491cb26cd0d0faedd2c0a4a427888df2a287069ea058f7f3164bacfb84cedb2f454128a85d30ed3b3b9e7a830d95

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
831B

MD5
086f08a77d3c091021b293af63a02c76

SHA1
df07e23799a38fc21c25330efacb2ca8c6d48af2

SHA256
008fb0d10180bafc37cc5b32c2a76f6d6b1b2c0655e1706b194a0f86cb2c85ce

SHA512
05834c330fa26eb7c74ac79b22291bc3ade96d91406548b397e2377d198d9866ebcf27f7c446edd1337273c25246d84b2ea6507199f17ddce2c5de2dc8dc57d7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
410f479cdbf11722c5c8c86b579d4fc5

SHA1
2c7d9ca0c3a90976dbeeecea5a02692f5a7d4ad0

SHA256
7dce9393ef733e3dd0e8a978486ef760b4de6bfad0ae217f9394434b67c59b09

SHA512
da9d031176a515930d4a494d03b41fa7898f885047ec475da0bc31f70a0701f2872c9b5984b0335a8d3aab7a36f2a42a48a2ba2cf2f94b4ffce188b6b3ffaeee

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
1aad4f723a072c135bf7bd79a745dc0a

SHA1
3721d26bc65e53bb1f119a5fafdb491d291c3fce

SHA256
34b4639301408043968185457cd847a0e283543dc815b65a8e8994596c6f2a16

SHA512
b936cb2479a52ae1e250107d3502c14d77f64bc21f14bb7b401eb36c61e341d77e764b69ea3dcd9482984f3576a034eb6e62a26e20f34b843eb66cb7b594c003

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
38405e7902c0da8ce4d6fc88154d865e

SHA1
d9a3d577526e1f9cd8cbee1066c25500e77d4500

SHA256
de1dac78c6bf7258f553837abe2af2ce77c618f50720d785154e462d4326e4b1

SHA512
daf9933b65e40088f4dc13dca2ff3d4cead24367ccdb78fc22af9e7bfc380c7af27958ecd0d55be308dcc1a9ebb42491dfee591e898982299aeb61c3fa467154

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
e1f6ac2d703c5a89d715a1f93617ecd4

SHA1
80ce0c767abc89f1fa8468be448e19202864cb5e

SHA256
0fafd0e8a78d6f85f5f382bc0ed125225326634578b5fa7530a31e4b83f833e8

SHA512
f2a2da956a3b6aa3735c701f1a553fde5941029a9b47d4a30a5a2a256015dceca6a2ecedba54919391e4da0849d4ffc8481362111f6cdcb3d92c485e03b70f9d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ef41c8e7d7d0e05adc09466796b16c95

SHA1
8a01bdd7d1ca4b0be611eafcb3a95eda3c7f0191

SHA256
a2419eab168af97f56c9a3ea4686801ac6f8ed09514ac05f6c42fb49651a5f8a

SHA512
e81b6286e6cfdca764f08be068ab5875991b79df1b2b651fede74955df74978a7ade91b057d45a5c3a2e5f63a7b9782040c44107bf08c4a6911a8f0e17bc2a35

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
757af0d95f9dc026de3c1a9b565ce2a7

SHA1
703a7c4be9647d955da063999aa361adc2b8fc63

SHA256
474dfa6b67665889d0fabe008a51ffa6d1ba5c2fd5d8270df8feb69f60234b50

SHA512
7a20480167ea114adc2387e7a73cc398bb41a490fe24cc374cca07e579736099396032cbfb54b6500e810bcf2ce20a822d3e4a98def351aa15b67d0ba177d5c1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
75514242157e106b12bd3204c974c9fa

SHA1
8d3d200bbfbb43b3b97b92b583b74000fb10fb2d

SHA256
bbc1739f1e8a9068faa43612a34eb6c6b7fe6a15fcc32f364816e7897ae72f7e

SHA512
6b8c4592cd2ed1968cbb77ec0b9609ccef16241243a8e06730c495c084aa771a1368849360524a38cd6a7ff61702689b1b574bedfa4c6d3d46361a4bfba9ae33

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
128fd915aff3751368a40bf61db8432f

SHA1
cf6d8401a78b3c29f04c02ca4fad83907ba8cce7

SHA256
ab87adcb5a2f11adc27ebc89339c2d113ee41acb7d2ebb805834c52abb8c2f28

SHA512
3ca90493fbd940677c4a914db83f7fa73f2a9554135860c5d1e276582f183022210e03ae4b4b2ca41368cfcdcdaba38319c647ea53d7ae8d394a4ef6c1df87ae

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
7bf69517c8e72069aeddcde230186f23

SHA1
7510ac83c53d39c3662625b0ef3bf3b2005d2626

SHA256
7db1859a6ac95731ff1050ba22ed17e9da6486f25353b35d0110910985fb07c8

SHA512
35a37022ed195ecb5ce2c3d39cd0d7885ddf8eed14fc1914c89a691b3b0d34d2307e61cedb80bc0feb48bc4991e5986457d19c9b90260136fc0dadc9d7203177

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
621df9cf65bdeb8e33b179ca79342e47

SHA1
3501820e69276c611ac75a4971d0e5ec1f784cb8

SHA256
f69ce13a66be8c5f46b421114596f60dc94717ab66991cc7bc30fc09b4710068

SHA512
8529f78534f9c4d1896cf9b2d066ea86cd92f14599edd93f9f6e24eb76979ef0399a50d30fc324a1dd7b48dc3368c25028f6c3a7bb9afb287f99d465f5a63455

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
c25374b3b330b7e53e0163e38a85b4d1

SHA1
386a67e674e44eb64109f15fe0275adc04acd799

SHA256
d210218e44e6679ef14e82a1a572991c4ac6494b15bb4f9368b7fc437b7103f1

SHA512
6753fb5cb96bbf9f7c027bade06582a0434306fe93e24c435f56d66eeecf1da641e66f7d997f243239c64b0c359469dc5448e784baa2adf861df976c5e095514

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0e30cdfb97594565d433ae3717e78620

SHA1
1e57fa6904cc44a6b220f079b1f3cefd8c3b03ad

SHA256
c3dfa93389de3bd7599b1ac5a95f2c73666cb37e3b9dbbbf337e5c2f944eadbc

SHA512
950dd6ac0debc44d87a131bb4607ac6c245809da3355a7a1ae5aa7772e236e36dad45cd470782e2acd2869c1cd369c8f81c4feef9f3e11542a4aad877a16cfd4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
3bab20761eba829d1152028a7a98708d

SHA1
1fefd17fab7f0e608c0fc63acd77d99a0f80e5b3

SHA256
40ad7c2c7d3a7a45bf5ea69f5a66f426536fdf0a6c74746fbab6182f18741a26

SHA512
32bccded392992d10d109f7a1e1a3da6153cbc5801364b56384edb8040466c6e3bd3b7f914f4d509eecc4dfdff6349e18a7c1c8d9af6262719663077577bd90d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
ebd7312c12850e8ca347ebb2a29f9a70

SHA1
e5c5d563bb793849c883cead41bf388b09cbbf17

SHA256
4093beb34debc971d2ae7bae5b036ec3dc3ed4af32ae18cf423b15f685a4d623

SHA512
8da6913113215ada88fc5beeec5f73f46b1c031cd769f29a8765bf4241db646d96c9350a38ebacd30ca4574857e5f9668038c4ba661ffe48ed1d9334785d9ce6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
20779087778337c0050736cfbba23f15

SHA1
b0ffe973a2443be8c0d4ce799c435310541d291f

SHA256
cbe683128249b344a66412c4be355dc55017d0b2114436bdc38e18bc5faa10be

SHA512
6f2dc1e3576fe9627d3302077380a5d3febc1f347456b530e7ca7a63e1a6a593713457b6edd3a5e5bbbccbeab62c73018d8880648e5f34f1efb22c64014a4b18

Download Submit
C:\Users\Admin\Downloads\virus-stuff-main.zip

Filesize
3KB

MD5
d17192f01a339c46627a7fe999889926

SHA1
b927679c221f24cdb8efff9b0c9217732f72c0ba

SHA256
c379e5877854096616894ad805fcbce7b15226b1f06597ef70c8bf1aef642246

SHA512
35cc53e135396ee1760a8143f1a7e7e3433fd77ae54b76d92dca5f52be835125b78e47e5f211f9b418f0d32fca8679df2cb5cfb168dd4961e06a5b4fa6d135ee

Download Submit
C:\Users\Admin\Downloads\virus-stuff-main.zip:Zone.Identifier

Filesize
165B

MD5
3af56fba7a131dfc920b6c5bb62185a1

SHA1
0365f489d0f6d00de1f7c1a8cc304a78d11df762

SHA256
25f5d9fa028f9e6da591ca36ba760263981b2c2d92ed6452857184448e046a65

SHA512
6b92b18026dd569f6cf7b50521eead930473d27ca5c66c0d07e78e2caf663f7e555162d6f834aa28a1732b7c36a72778fea992ac878c921b3a1e828edc4c8837

Download Submit
memory/236-42-0x00000000051C0000-0x00000000051DB000-memory.dmp

Filesize
108KB

Download
memory/236-652-0x0000000000040000-0x0000000001682000-memory.dmp

Filesize
22.3MB

Download
memory/236-247-0x0000000000040000-0x0000000001682000-memory.dmp

Filesize
22.3MB

Download
memory/236-12-0x0000000000040000-0x0000000001682000-memory.dmp

Filesize
22.3MB

Download
memory/236-184-0x0000000000040000-0x0000000001682000-memory.dmp

Filesize
22.3MB

Download
memory/236-38-0x00000000051C0000-0x00000000051DB000-memory.dmp

Filesize
108KB

Download
memory/236-41-0x00000000051C0000-0x00000000051DB000-memory.dmp

Filesize
108KB

Download
memory/3572-654-0x0000000000040000-0x0000000001682000-memory.dmp

Filesize
22.3MB

Download
memory/3572-10-0x0000000000040000-0x0000000001682000-memory.dmp

Filesize
22.3MB

Download
memory/3572-185-0x0000000000040000-0x0000000001682000-memory.dmp

Filesize
22.3MB

Download
memory/3572-186-0x0000000000040000-0x0000000001682000-memory.dmp

Filesize
22.3MB

Download
memory/3996-222-0x0000000000044000-0x0000000001146000-memory.dmp

Filesize
17.0MB

Download
memory/3996-116-0x0000000000044000-0x0000000001146000-memory.dmp

Filesize
17.0MB

Download
memory/3996-182-0x0000000000040000-0x0000000001682000-memory.dmp

Filesize
22.3MB

Download
memory/3996-183-0x0000000000040000-0x0000000001682000-memory.dmp

Filesize
22.3MB

Download
memory/3996-221-0x0000000000040000-0x0000000001682000-memory.dmp

Filesize
22.3MB

Download
memory/3996-0-0x0000000000044000-0x0000000001146000-memory.dmp

Filesize
17.0MB

Download
memory/3996-5-0x0000000000040000-0x0000000001682000-memory.dmp

Filesize
22.3MB

Download
memory/3996-1-0x0000000000040000-0x0000000001682000-memory.dmp

Filesize
22.3MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads