Overview

overview

10

Static

static

AnyDesk.msi

windows7-x64

10

AnyDesk.msi

windows10-2004-x64

10

Resubmissions

10-01-2023 15:42

230110-s5dkasge64 10

10-01-2023 15:35

230110-s1ddqsge56 10

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2023 15:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AnyDesk.msi

  • Size

    5.2MB

  • MD5

    8b5c001d696ec2cd730280496a311895

  • SHA1

    a1ad08a895037a8fc8a5fa7fda7bfba9894a9eac

  • SHA256

    e9d32103b6e9ab8fed7f6824525026119a5c5e9674522bdf0ebca8f242af10b1

  • SHA512

    1901f730d02d23fdc81ff7bda7d9a7d4deb37596cce076bb1555a391419f2520577fe8872cb5795f2ff64eede2d6e9bf72f4840696001a2f25acc5e8ddca86db

  • SSDEEP

    98304:dYGKdAHTgvVVqPvZpgvXM/N3qZBO0cY2YPGvhP0JGom:R8VqPvZ6v6NH0l7PXm

Score
10/10
lampionbankerevasionpersistencetrojan

Malware Config

Signatures

  • Lampion

    Lampion is a banking trojan, targeting Portuguese speaking countries.

    trojanbankerlampion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Blocklisted process makes network request 1 IoCs
  • Executes dropped EXE 4 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Loads dropped DLL 10 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 14 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 46 IoCs
  • Modifies registry class 23 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\AnyDesk.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1988
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 4D05AAF8C1ADA78127DEC0473021DDE9
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1216
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss150B.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi14E9.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr14EA.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr14FA.txt" -propSep " :<->: " -testPrefix "_testValue."
        3⤵
        • Blocklisted process makes network request
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:568
        • C:\ali\ludibriar\Meelcisma.exe
          "C:\ali\ludibriar\Meelcisma.exe"
          4⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Executes dropped EXE
          • Checks BIOS information in registry
          • Loads dropped DLL
          • Adds Run key to start application
          • Checks whether UAC is enabled
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          PID:796
        • C:\Users\Public\Documents\AnyDesk\setup.exe
          "C:\Users\Public\Documents\AnyDesk\setup.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks processor information in registry
          • Suspicious use of WriteProcessMemory
          PID:1104
          • C:\Users\Public\Documents\AnyDesk\setup.exe
            "C:\Users\Public\Documents\AnyDesk\setup.exe" --local-service
            5⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:1740
          • C:\Users\Public\Documents\AnyDesk\setup.exe
            "C:\Users\Public\Documents\AnyDesk\setup.exe" --local-control
            5⤵
            • Executes dropped EXE
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:1716
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1784
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000564" "0000000000000568"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1204
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1524

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pss150B.ps1
    Filesize

    5KB

    MD5

    fc1bb6c87fd1f08b534e52546561c53c

    SHA1

    db402c5c1025cf8d3e79df7b868fd186243aa9d1

    SHA256

    a04750ed5f05b82b90f6b8ea3748ba246af969757a5a4b74a0e25b186add520b

    SHA512

    5495f4ac3c8f42394a82540449526bb8ddd91adf0a1a852a9e1f2d32a63858b966648b4099d9947d8ac68ee43824dacda24c337c5b97733905e36c4921280e86

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\scr14EA.ps1
    Filesize

    17KB

    MD5

    c67846c507bf7950e4bc2d266f91471d

    SHA1

    c4ebed1f716a6a3747dd04988b3349c4860fc0e2

    SHA256

    5c8fa4f1456d769f17a2688048a11683f94f3199d30dcb51f35cdf4949f0cae8

    SHA512

    463d0d4dd1faddf278981c913d07764cdd0c4d7c645a2d38234e3468986625f6a3e3367d44503be71b032562bb0154c5a546d0dde6e4f00db09ceb43a2f769ae

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
    Filesize

    6KB

    MD5

    6e83497e1e7ebfe43410ff350363df8b

    SHA1

    3ef94a9b9ee03b40fe07e7aaf5ad5da5dbcd42b6

    SHA256

    73499bb9c517134d78abad66aa0095c90b8bdd54b90fcb5be0ce5c5f34a5ab3d

    SHA512

    ad1f2e6dbc04a4de25e5cfa23fbdc6e8832ccf7102cca5cc6068d1eb88d4b0d4eb19ce41658f49f0be58ac196d5e58165b695f3881741b7beaabc509fc544c59

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
    Filesize

    6KB

    MD5

    6e83497e1e7ebfe43410ff350363df8b

    SHA1

    3ef94a9b9ee03b40fe07e7aaf5ad5da5dbcd42b6

    SHA256

    73499bb9c517134d78abad66aa0095c90b8bdd54b90fcb5be0ce5c5f34a5ab3d

    SHA512

    ad1f2e6dbc04a4de25e5cfa23fbdc6e8832ccf7102cca5cc6068d1eb88d4b0d4eb19ce41658f49f0be58ac196d5e58165b695f3881741b7beaabc509fc544c59

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
    Filesize

    2KB

    MD5

    24129b1fc5d5b11c82d183d0995868c3

    SHA1

    f940cd1907a562586361be2997196193ccd839c5

    SHA256

    08b4ffefadcb7d139885a24523e19b025e539342da6db7f9cd56f72702e45d0b

    SHA512

    5cd9ddc7a7eca3534da382813b9fed11f82fa28c047a853049959beea4c55eb73f355d22749cd32a12347826beaf6589cb4e85170a1aabeb3ddf74c8ee7c3d9f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
    Filesize

    424B

    MD5

    1d11f04471dabae80ad2054686c1b6fc

    SHA1

    f8a50e97380588be5cb279c99dacb607e048d691

    SHA256

    8a33ab97d1c526f66ad7f84a517d91e3939dcf2d912e21fdfd49f4cd3dc8755f

    SHA512

    c47c9a97fdd04095307837a518af234931bd4ed5339416c6d16ec70e5d01e0fbf57458af6b7043350a20af536c3106e52905bffbab832235faca3a20ba2765d1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
    Filesize

    424B

    MD5

    1d11f04471dabae80ad2054686c1b6fc

    SHA1

    f8a50e97380588be5cb279c99dacb607e048d691

    SHA256

    8a33ab97d1c526f66ad7f84a517d91e3939dcf2d912e21fdfd49f4cd3dc8755f

    SHA512

    c47c9a97fdd04095307837a518af234931bd4ed5339416c6d16ec70e5d01e0fbf57458af6b7043350a20af536c3106e52905bffbab832235faca3a20ba2765d1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
    Filesize

    424B

    MD5

    1d11f04471dabae80ad2054686c1b6fc

    SHA1

    f8a50e97380588be5cb279c99dacb607e048d691

    SHA256

    8a33ab97d1c526f66ad7f84a517d91e3939dcf2d912e21fdfd49f4cd3dc8755f

    SHA512

    c47c9a97fdd04095307837a518af234931bd4ed5339416c6d16ec70e5d01e0fbf57458af6b7043350a20af536c3106e52905bffbab832235faca3a20ba2765d1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
    Filesize

    424B

    MD5

    d2e5c95d93a2e008b09f38c2555e4f7a

    SHA1

    06767586480416610cff14a9637cfa66aa59e09e

    SHA256

    d7adfccc186129249221399bd40e117c2403dddc890a845319eb8203e3de40bf

    SHA512

    5ada737b4eb20db9a4ac9dfb8d13624b0bf21ca203f111eca68772da73d597519ffbe7fd5d2d85341d16ef01a948b07068ebbffaf8336f5e2841c7bedb100330

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
    Filesize

    424B

    MD5

    1d11f04471dabae80ad2054686c1b6fc

    SHA1

    f8a50e97380588be5cb279c99dacb607e048d691

    SHA256

    8a33ab97d1c526f66ad7f84a517d91e3939dcf2d912e21fdfd49f4cd3dc8755f

    SHA512

    c47c9a97fdd04095307837a518af234931bd4ed5339416c6d16ec70e5d01e0fbf57458af6b7043350a20af536c3106e52905bffbab832235faca3a20ba2765d1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
    Filesize

    424B

    MD5

    d2e5c95d93a2e008b09f38c2555e4f7a

    SHA1

    06767586480416610cff14a9637cfa66aa59e09e

    SHA256

    d7adfccc186129249221399bd40e117c2403dddc890a845319eb8203e3de40bf

    SHA512

    5ada737b4eb20db9a4ac9dfb8d13624b0bf21ca203f111eca68772da73d597519ffbe7fd5d2d85341d16ef01a948b07068ebbffaf8336f5e2841c7bedb100330

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
    Filesize

    1KB

    MD5

    5df8025abfcc35ef1386b7eb97d06c93

    SHA1

    bf4a31867c171cf8251f60503753bc70a61358c4

    SHA256

    2f07b89be7f3639783e9b89a85dfc92e17c01559852fe0b75da5f6b37112e8ab

    SHA512

    7977650f648511f34396f232553fa458e0875fda7d468d57196ebd78832b3dcb3b510afaea9bf45f283209d646161bf11928c9153a4bc6d49d7787dc295ea400

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
    Filesize

    1KB

    MD5

    07fb33771f6b671c1e9e7f3768f57e61

    SHA1

    bf423c3dcb731a2bd51d65e0ce3a2c1c5a40006c

    SHA256

    619d56d03de61c537eb9ce2dc15b6be5a7da6afa4ef2253a6b1ee28329242527

    SHA512

    368af5e6cd9dc4e3576e6d870f19ef155bc6795b8b09f059dd2266fe2feab1315b5c497dd0b3cef80124fe635e0be1e21c6ed9211e721b2d66f2821f5b9b94d5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
    Filesize

    1KB

    MD5

    2f391dff04218177f4fa8b8baa1b03ae

    SHA1

    2897237cc62f383eeac762572d3f2a72c290b1e4

    SHA256

    cc3a1a27e2a65d602dc1a45f5cc3f4cc52c45c98022e696c68901d32ad234b85

    SHA512

    a7a4152a160e39f5337e82ac5590edd25d475e585cd85d59e91ad0afd1892e9fc1c215239b8e830e4eb5d7a284e7e2325b809109f44b80e279ab2355796007e8

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
    Filesize

    1KB

    MD5

    0e49fa13ecb8afee1242db72a8511a3d

    SHA1

    c881fd61243cd93f7fe84ac5fdbe00a8cb303918

    SHA256

    b25feebe8325cfa8f8ee2d9a8550862f1fe76a878652615faf2219c5cc2399cf

    SHA512

    720e98eb55623621714b2afda1866901f0b0c8efd67ab4d50485c0a9cbbeaac6b7f10b16219736c1e1b8564a7e4eeccfedbadd6e112501a29d118438f9aa8bc0

    Download Submit

  • C:\Users\Public\Documents\AnyDesk\setup.exe
    Filesize

    3.8MB

    MD5

    9a1d9fe9b1223273c314632d04008384

    SHA1

    665cad3ed21f6443d1adacf18ca45dfaa8f52c99

    SHA256

    0f4bf8506a2560c568b9815124dfc43a11c561ed611829df841ec7aba8302359

    SHA512

    3ec400acd075a4078d7d9f06c853be4ee0fdd7a9d1628428326534df6c0f3ea8f745af9d29031e9259a1bee2f78dd48dfaebcb7e897c22736909a9d6b4f24ba5

    Download Submit

  • C:\Users\Public\Documents\AnyDesk\setup.exe
    Filesize

    3.8MB

    MD5

    9a1d9fe9b1223273c314632d04008384

    SHA1

    665cad3ed21f6443d1adacf18ca45dfaa8f52c99

    SHA256

    0f4bf8506a2560c568b9815124dfc43a11c561ed611829df841ec7aba8302359

    SHA512

    3ec400acd075a4078d7d9f06c853be4ee0fdd7a9d1628428326534df6c0f3ea8f745af9d29031e9259a1bee2f78dd48dfaebcb7e897c22736909a9d6b4f24ba5

    Download Submit

  • C:\Users\Public\Documents\AnyDesk\setup.exe
    Filesize

    3.8MB

    MD5

    9a1d9fe9b1223273c314632d04008384

    SHA1

    665cad3ed21f6443d1adacf18ca45dfaa8f52c99

    SHA256

    0f4bf8506a2560c568b9815124dfc43a11c561ed611829df841ec7aba8302359

    SHA512

    3ec400acd075a4078d7d9f06c853be4ee0fdd7a9d1628428326534df6c0f3ea8f745af9d29031e9259a1bee2f78dd48dfaebcb7e897c22736909a9d6b4f24ba5

    Download Submit

  • C:\Users\Public\Documents\AnyDesk\setup.exe
    Filesize

    3.8MB

    MD5

    9a1d9fe9b1223273c314632d04008384

    SHA1

    665cad3ed21f6443d1adacf18ca45dfaa8f52c99

    SHA256

    0f4bf8506a2560c568b9815124dfc43a11c561ed611829df841ec7aba8302359

    SHA512

    3ec400acd075a4078d7d9f06c853be4ee0fdd7a9d1628428326534df6c0f3ea8f745af9d29031e9259a1bee2f78dd48dfaebcb7e897c22736909a9d6b4f24ba5

    Download Submit

  • C:\Windows\Installer\MSI1452.tmp
    Filesize

    574KB

    MD5

    7b7d9e2c9b8236e7155f2f97254cb40e

    SHA1

    99621fc9d14511428d62d91c31865fb2c4625663

    SHA256

    df58faba241328b9645dcb5dec387ec5edd56e2d878384a4783f2c0a66f85897

    SHA512

    fbaa1560f03255f73be3e846959e4b7cbb1c24165d014ed01245639add6cc463975e5558567ab5704e18c9078a8a071c9e38dc1e499ba6e3dc507d4275b4a228

    Download Submit

  • C:\Windows\Installer\MSI159.tmp
    Filesize

    436KB

    MD5

    475d20c0ea477a35660e3f67ecf0a1df

    SHA1

    67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

    SHA256

    426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

    SHA512

    99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

    Download Submit

  • C:\Windows\Installer\MSI6E5.tmp
    Filesize

    436KB

    MD5

    475d20c0ea477a35660e3f67ecf0a1df

    SHA1

    67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

    SHA256

    426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

    SHA512

    99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

    Download Submit

  • C:\Windows\Installer\MSIE46.tmp
    Filesize

    436KB

    MD5

    475d20c0ea477a35660e3f67ecf0a1df

    SHA1

    67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

    SHA256

    426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

    SHA512

    99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

    Download Submit

  • C:\ali\ludibriar\ChromeDls21
    Filesize

    89.4MB

    MD5

    ef1039686e87be5876127bb3314e50d0

    SHA1

    52be5de059641f633e419db3e2bb3c08c730907a

    SHA256

    6702962396a7c681a515f0887c254101da122cc9ee943e6fc1952608c46745bf

    SHA512

    0c3e90a4dd52e5ee0bd0c8a2a1cb5653adc103a3674306cb69a53c6500601163f1e2e4fa44dea0ad3211da6249c320399c2e4813a291a7fe227a252b5508af36

    Download Submit

  • C:\ali\ludibriar\LIBEAY32.DLL
    Filesize

    3.5MB

    MD5

    4abfe433e39932ba3642a87f7b75f5ff

    SHA1

    c13f41ccfbd4b115108ff288d1d2e89ee8c5f88d

    SHA256

    a50ef797044e0d975916290a7c284eb41e7a8fd5122fcfebcc2fb18e247342a2

    SHA512

    62945f7b7c2db8f3543523a60a2eccdc164322581335b14ffb1fbb2ff0977fa27cd5d9b64685d38aad7d2a080cfbf3d48804c25fbf8e35b03a25a1c5db9c57c6

    Download Submit

  • C:\ali\ludibriar\Meelcisma.exe
    Filesize

    15.1MB

    MD5

    a88098f4d2d7866410b428572a3c113e

    SHA1

    a8b6f921b2c0b08b1d5f0766e9d03c4932bd0155

    SHA256

    1c04e379b31b6edd40354af97aeb9046863ae15e3ddac18022836f15db07f421

    SHA512

    c07beeffd780d8d91e79e73997f163fc571ad30e8e7b1e5247f6ada4437621e794b3fc0301061fda7589b1a97ea885b95111e3dbf67f6b2a5aeea84f63d81ff5

    Download Submit

  • C:\ali\ludibriar\Meelcisma.exe
    Filesize

    15.1MB

    MD5

    a88098f4d2d7866410b428572a3c113e

    SHA1

    a8b6f921b2c0b08b1d5f0766e9d03c4932bd0155

    SHA256

    1c04e379b31b6edd40354af97aeb9046863ae15e3ddac18022836f15db07f421

    SHA512

    c07beeffd780d8d91e79e73997f163fc571ad30e8e7b1e5247f6ada4437621e794b3fc0301061fda7589b1a97ea885b95111e3dbf67f6b2a5aeea84f63d81ff5

    Download Submit

  • C:\ali\ludibriar\PROFILE.DLL
    Filesize

    241KB

    MD5

    24aae6bcc99f29b0b4e1db6ea1e8e902

    SHA1

    ef6eb3f8fea180b36252fd85d8ab0d6842d0f32d

    SHA256

    199498a70290ba14947f8fbde13840499f07e63d9b3b79ced03928fca9c009b9

    SHA512

    51f3ccefcf0f562c502fbf789f40e21b4ecd99599fd857841938f7e2d6529f2640360f0e7947441b2aed7e611905b03fe9cac246a874d54bf545acdfa4ce24d8

    Download Submit

  • \??\PIPE\srvsvc
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • \Users\Public\Documents\AnyDesk\setup.exe
    Filesize

    3.8MB

    MD5

    9a1d9fe9b1223273c314632d04008384

    SHA1

    665cad3ed21f6443d1adacf18ca45dfaa8f52c99

    SHA256

    0f4bf8506a2560c568b9815124dfc43a11c561ed611829df841ec7aba8302359

    SHA512

    3ec400acd075a4078d7d9f06c853be4ee0fdd7a9d1628428326534df6c0f3ea8f745af9d29031e9259a1bee2f78dd48dfaebcb7e897c22736909a9d6b4f24ba5

    Download Submit

  • \Users\Public\Documents\AnyDesk\setup.exe
    Filesize

    3.8MB

    MD5

    9a1d9fe9b1223273c314632d04008384

    SHA1

    665cad3ed21f6443d1adacf18ca45dfaa8f52c99

    SHA256

    0f4bf8506a2560c568b9815124dfc43a11c561ed611829df841ec7aba8302359

    SHA512

    3ec400acd075a4078d7d9f06c853be4ee0fdd7a9d1628428326534df6c0f3ea8f745af9d29031e9259a1bee2f78dd48dfaebcb7e897c22736909a9d6b4f24ba5

    Download Submit

  • \Users\Public\Documents\AnyDesk\setup.exe
    Filesize

    3.8MB

    MD5

    9a1d9fe9b1223273c314632d04008384

    SHA1

    665cad3ed21f6443d1adacf18ca45dfaa8f52c99

    SHA256

    0f4bf8506a2560c568b9815124dfc43a11c561ed611829df841ec7aba8302359

    SHA512

    3ec400acd075a4078d7d9f06c853be4ee0fdd7a9d1628428326534df6c0f3ea8f745af9d29031e9259a1bee2f78dd48dfaebcb7e897c22736909a9d6b4f24ba5

    Download Submit

  • \Windows\Installer\MSI1452.tmp
    Filesize

    574KB

    MD5

    7b7d9e2c9b8236e7155f2f97254cb40e

    SHA1

    99621fc9d14511428d62d91c31865fb2c4625663

    SHA256

    df58faba241328b9645dcb5dec387ec5edd56e2d878384a4783f2c0a66f85897

    SHA512

    fbaa1560f03255f73be3e846959e4b7cbb1c24165d014ed01245639add6cc463975e5558567ab5704e18c9078a8a071c9e38dc1e499ba6e3dc507d4275b4a228

    Download Submit

  • \Windows\Installer\MSI159.tmp
    Filesize

    436KB

    MD5

    475d20c0ea477a35660e3f67ecf0a1df

    SHA1

    67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

    SHA256

    426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

    SHA512

    99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

    Download Submit

  • \Windows\Installer\MSI6E5.tmp
    Filesize

    436KB

    MD5

    475d20c0ea477a35660e3f67ecf0a1df

    SHA1

    67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

    SHA256

    426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

    SHA512

    99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

    Download Submit

  • \Windows\Installer\MSIE46.tmp
    Filesize

    436KB

    MD5

    475d20c0ea477a35660e3f67ecf0a1df

    SHA1

    67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

    SHA256

    426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

    SHA512

    99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

    Download Submit

  • \ali\ludibriar\Meelcisma.exe
    Filesize

    15.1MB

    MD5

    a88098f4d2d7866410b428572a3c113e

    SHA1

    a8b6f921b2c0b08b1d5f0766e9d03c4932bd0155

    SHA256

    1c04e379b31b6edd40354af97aeb9046863ae15e3ddac18022836f15db07f421

    SHA512

    c07beeffd780d8d91e79e73997f163fc571ad30e8e7b1e5247f6ada4437621e794b3fc0301061fda7589b1a97ea885b95111e3dbf67f6b2a5aeea84f63d81ff5

    Download Submit

  • \ali\ludibriar\libeay32.dll
    Filesize

    3.5MB

    MD5

    4abfe433e39932ba3642a87f7b75f5ff

    SHA1

    c13f41ccfbd4b115108ff288d1d2e89ee8c5f88d

    SHA256

    a50ef797044e0d975916290a7c284eb41e7a8fd5122fcfebcc2fb18e247342a2

    SHA512

    62945f7b7c2db8f3543523a60a2eccdc164322581335b14ffb1fbb2ff0977fa27cd5d9b64685d38aad7d2a080cfbf3d48804c25fbf8e35b03a25a1c5db9c57c6

    Download Submit

  • \ali\ludibriar\profile.dll
    Filesize

    241KB

    MD5

    24aae6bcc99f29b0b4e1db6ea1e8e902

    SHA1

    ef6eb3f8fea180b36252fd85d8ab0d6842d0f32d

    SHA256

    199498a70290ba14947f8fbde13840499f07e63d9b3b79ced03928fca9c009b9

    SHA512

    51f3ccefcf0f562c502fbf789f40e21b4ecd99599fd857841938f7e2d6529f2640360f0e7947441b2aed7e611905b03fe9cac246a874d54bf545acdfa4ce24d8

    Download Submit

  • memory/568-71-0x00000000721C0000-0x00000000736E8000-memory.dmp

    Filesize

    21.2MB

    Download

  • memory/568-68-0x00000000721C0000-0x00000000736E8000-memory.dmp

    Filesize

    21.2MB

    Download

  • memory/568-66-0x0000000000000000-mapping.dmp

    Download

  • memory/796-97-0x000000000FF70000-0x000000000FFA1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/796-91-0x00000000003C0000-0x00000000003DC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/796-73-0x0000000000000000-mapping.dmp

    Download

  • memory/796-103-0x000000000FBD0000-0x000000000FBE9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/796-80-0x0000000077480000-0x0000000077600000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/796-114-0x0000000077480000-0x0000000077600000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/796-154-0x0000000009840000-0x000000000F1B7000-memory.dmp

    Filesize

    89.5MB

    Download

  • memory/796-98-0x000000000FFB0000-0x00000000103BB000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/796-81-0x0000000001500000-0x0000000001FC5000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/796-96-0x000000000F940000-0x000000000FA70000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/796-82-0x0000000001500000-0x0000000001FC5000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/796-83-0x0000000001500000-0x0000000001FC5000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/796-93-0x0000000009840000-0x000000000F1B7000-memory.dmp

    Filesize

    89.5MB

    Download

  • memory/796-84-0x0000000001500000-0x0000000001FC5000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/796-86-0x0000000000270000-0x000000000027D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/796-87-0x00000000003A0000-0x00000000003AD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/796-92-0x000000000F740000-0x000000000F7D7000-memory.dmp

    Filesize

    604KB

    Download

  • memory/796-105-0x00000000128E1000-0x0000000012E2D000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/796-89-0x000000000F350000-0x000000000F513000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/796-88-0x000000000F1C0000-0x000000000F350000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1104-115-0x0000000000340000-0x0000000001399000-memory.dmp

    Filesize

    16.3MB

    Download

  • memory/1104-126-0x0000000074921000-0x0000000074923000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1104-163-0x0000000000340000-0x0000000001399000-memory.dmp

    Filesize

    16.3MB

    Download

  • memory/1104-109-0x0000000000000000-mapping.dmp

    Download

  • memory/1104-112-0x0000000000340000-0x0000000001399000-memory.dmp

    Filesize

    16.3MB

    Download

  • memory/1216-57-0x0000000075A91000-0x0000000075A93000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1216-56-0x0000000000000000-mapping.dmp

    Download

  • memory/1716-121-0x0000000000000000-mapping.dmp

    Download

  • memory/1716-127-0x0000000000340000-0x0000000001399000-memory.dmp

    Filesize

    16.3MB

    Download

  • memory/1716-165-0x0000000000340000-0x0000000001399000-memory.dmp

    Filesize

    16.3MB

    Download

  • memory/1740-117-0x0000000000000000-mapping.dmp

    Download

  • memory/1740-124-0x0000000000340000-0x0000000001399000-memory.dmp

    Filesize

    16.3MB

    Download

  • memory/1740-164-0x0000000000340000-0x0000000001399000-memory.dmp

    Filesize

    16.3MB

    Download

  • memory/1988-54-0x000007FEFBB21000-0x000007FEFBB23000-memory.dmp

    Filesize

    8KB

    Download