fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02-04-2023 14:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

3.8MB
MD5

e546506082b374a0869bdd97b313fe5d
SHA1

082dc6b336b41788391bad20b26f4b9a1ad724fc
SHA256

fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18
SHA512

15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08
SSDEEP

98304:uSCb8xJlb0VgU/vZaZKa4opQILfbsLajDMWEeq7PbUs6En5:uH8HCOUZakpAbjbsLsMmqM

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exeAnyDesk.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

AnyDesk.exe

pid	Process
2228	AnyDesk.exe
2228	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description	pid	Process
Token: SeDebugPrivilege	4748	firefox.exe
Token: SeDebugPrivilege	4748	firefox.exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

AnyDesk.exefirefox.exe

pid	Process
2260	AnyDesk.exe
2260	AnyDesk.exe
2260	AnyDesk.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe

Suspicious use of SendNotifyMessage 6 IoCs

Processes:

AnyDesk.exefirefox.exe

pid	Process
2260	AnyDesk.exe
2260	AnyDesk.exe
2260	AnyDesk.exe
4748	firefox.exe
4748	firefox.exe
4748	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid	Process
4748	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AnyDesk.exefirefox.exefirefox.exe

description	pid	Process	procid_target
PID 4400 wrote to memory of 2228	4400	AnyDesk.exe	84
PID 4400 wrote to memory of 2228	4400	AnyDesk.exe	84
PID 4400 wrote to memory of 2228	4400	AnyDesk.exe	84
PID 4400 wrote to memory of 2260	4400	AnyDesk.exe	85
PID 4400 wrote to memory of 2260	4400	AnyDesk.exe	85
PID 4400 wrote to memory of 2260	4400	AnyDesk.exe	85
PID 2784 wrote to memory of 4748	2784	firefox.exe	96
PID 2784 wrote to memory of 4748	2784	firefox.exe	96
PID 2784 wrote to memory of 4748	2784	firefox.exe	96
PID 2784 wrote to memory of 4748	2784	firefox.exe	96
PID 2784 wrote to memory of 4748	2784	firefox.exe	96
PID 2784 wrote to memory of 4748	2784	firefox.exe	96
PID 2784 wrote to memory of 4748	2784	firefox.exe	96
PID 2784 wrote to memory of 4748	2784	firefox.exe	96
PID 2784 wrote to memory of 4748	2784	firefox.exe	96
PID 2784 wrote to memory of 4748	2784	firefox.exe	96
PID 2784 wrote to memory of 4748	2784	firefox.exe	96
PID 4748 wrote to memory of 5028	4748	firefox.exe	97
PID 4748 wrote to memory of 5028	4748	firefox.exe	97
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98
PID 4748 wrote to memory of 2948	4748	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2228
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2260

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.0.1948032537\257722405" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6330648b-b09d-4b99-af8f-b6e9ede9f359} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 1916 134b78ec258 gpu
    3⤵
    PID:5028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.1.979868258\1920641177" -parentBuildID 20221007134813 -prefsHandle 2308 -prefMapHandle 2304 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4bbf0e3-8442-4cc1-af45-18fdda65894b} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 2320 134aa971658 socket
    3⤵
    PID:2948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.2.2012461494\1387131230" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 2932 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d10d7cc1-2b15-4ee4-a293-075aa7b886a3} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3080 134bb6ee258 tab
    3⤵
    PID:3976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.3.1382054546\826587835" -childID 2 -isForBrowser -prefsHandle 2472 -prefMapHandle 2468 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9b83cb6-01ae-492f-af95-5766721b9ef1} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3552 134aa96a558 tab
    3⤵
    PID:2332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.4.174450374\505248811" -childID 3 -isForBrowser -prefsHandle 3812 -prefMapHandle 3808 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a058487-e6b3-45e2-a552-1b4c6a97bd05} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3816 134bc735558 tab
    3⤵
    PID:2120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.5.964476031\1335960584" -childID 4 -isForBrowser -prefsHandle 4992 -prefMapHandle 5004 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d918f45-6966-46db-b5a8-ba16db2509ae} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5016 134aa930858 tab
    3⤵
    PID:1948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.6.1313353193\1752915444" -childID 5 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6845413c-4038-4c0f-b526-b539592ba531} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5104 134bddb0b58 tab
    3⤵
    PID:1008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.7.1305385979\1752380554" -childID 6 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d920ca5-585c-413b-9c8e-0f2e928f364a} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5316 134bddb0e58 tab
    3⤵
    PID:4860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.8.42947779\1592303470" -childID 7 -isForBrowser -prefsHandle 5744 -prefMapHandle 5736 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b175734-18d4-4af1-9490-87361c04b3c4} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5752 134bf272b58 tab
    3⤵
    PID:984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.9.351258877\869429566" -childID 8 -isForBrowser -prefsHandle 9264 -prefMapHandle 9268 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09a878c8-b31c-428d-b608-f181201943de} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 9252 134c0460658 tab
    3⤵
    PID:3944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
158KB

MD5
986aada0907171ec33b803a45fe89651

SHA1
be77e4a7365aebf8cccb3ca743fffe200f74529e

SHA256
cad577fcf66365c630fed7c77bfae96a31fe0e7e11659ab0a82fc291e8ad6885

SHA512
17adb6904dbcbc1433dfb09e9e0d99cafe6c034456b6eecc11b3812482067ba43cfe0e5f445956ea2d701c39c1f49f1a72464f6a1410af9a5f4a691605daa167

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
b2d54b7c06fc883f87214475b447283c

SHA1
e3f8e0bf1dcf73c1b27e77326f4ef57557d410c8

SHA256
4a99bbf01de2876e4ea7605a384da7b429549d5c7bc34937f8cc8144d256b77c

SHA512
df3f96a64ac772db1a0b703e490023f19ceda36c135de84049ad9f1b6566354f3d4454229a03c714d9ce4928a62e0b7726502897ef2fba86b37b4d0984d81665

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
49a215e8818bab9362875f6d383add93

SHA1
dda052be2906cdcfae65aa626585cc92ac1f1c05

SHA256
ccee1442aef88be7918a1794ff7578b20865984781c8e39f2781d19a9c094bef

SHA512
f7e4a1a33fc3d63775d06a29c84a5392865c76567b26d2e87b50518c1928186c02e2962910e64e63585ff2f4010f89ee8743f88be8dbd804e08ec33f39fea555

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
7b4a0b582dc87dbbbcbdfc7851531412

SHA1
42af678d316b77bf12245ed00c7794f92e674d7c

SHA256
ebe15d475a203f62afac2e5ecd6883cfaa6639bef65c049a50a92e76d72e48b3

SHA512
bf2bba156245a9262bd5da1d1cf79e5fbfc68966104fb1b1b0aa67649e934030a7159dfbfd882af669cd1eecdfaff64bb3e190e13af192e03b83950a727e727f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
4f0b6b34997e7526259e068e0595120c

SHA1
32ef2abbb11a652966605243c96c4df4e357b319

SHA256
69b9b28f722e7915902dc64d7b689dcdd9dfdcdd769d2a95036eaf8dd5e1b0bc

SHA512
00452f624ef72d886163854ce706032e8231373e44cfdff244bb7b2a619100502f765bb49c5343618af482a8a796001ffc10920c249825132b877b29f11d5684

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
f461cc357eda64d7c42f0efdae7007b2

SHA1
2d123338d489e6afaedd0f57da954abd1314f54f

SHA256
cdf8084150b61d4e79de8ee67cc87f63ca0a5a53651b652acff99319cc7afc2d

SHA512
5e70ac7f7109a335126dcf03f5defb742e6924f580b4693a61d809fe13a810fbb465d2cd00a1e8f77448fcbb557acfb1a61b90d97fd744f05e2d63a83d3fc6fd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
fdfbcaa05985ed5f763c08168a576d57

SHA1
c7559cb91e99ccc779dd912d7de2d5fd6a74e629

SHA256
f8e3c87d8631b32a966329d63290a97317125a7da840d8f4b2624592d2cb9766

SHA512
8a3afcfaa04356abb856af6f011a62775b0e8540bf81e9046910f3e655d32dbe4c6b143f3abcaf4163faa8b6f10aa5387a443e1db751888e778d57767c7bbef7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
fdfbcaa05985ed5f763c08168a576d57

SHA1
c7559cb91e99ccc779dd912d7de2d5fd6a74e629

SHA256
f8e3c87d8631b32a966329d63290a97317125a7da840d8f4b2624592d2cb9766

SHA512
8a3afcfaa04356abb856af6f011a62775b0e8540bf81e9046910f3e655d32dbe4c6b143f3abcaf4163faa8b6f10aa5387a443e1db751888e778d57767c7bbef7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
680B

MD5
672be0ccbabaaf711cd20e2e39f34394

SHA1
927578cb858f3a45185ea84ad6d5bd10cd1c43a6

SHA256
ec7b9910b1acdc5a6f91bd89a78249dde28d37e9bbba2bdf3e46470db6e7e10c

SHA512
9a3a73cdd007bd6d322d75f2876246cade396ea85350d1fad6820654977e91e4990dc90f802f12d44005bc3819c4c3d71dc82fc3f7cb3e251b385cf8d6fca9b6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
680B

MD5
672be0ccbabaaf711cd20e2e39f34394

SHA1
927578cb858f3a45185ea84ad6d5bd10cd1c43a6

SHA256
ec7b9910b1acdc5a6f91bd89a78249dde28d37e9bbba2bdf3e46470db6e7e10c

SHA512
9a3a73cdd007bd6d322d75f2876246cade396ea85350d1fad6820654977e91e4990dc90f802f12d44005bc3819c4c3d71dc82fc3f7cb3e251b385cf8d6fca9b6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
801B

MD5
d52e7b0cdf856a5e79893a2d0f21b89b

SHA1
688fd1dbdf66008dfeb31fc0cc7fd99d3b13e709

SHA256
7755ee04f79cb617950c1d3be9945f832b2017c3762689da228b273e4d4e9c35

SHA512
46a93f216576284965ae9f54d248a582e32a53e97168fb392063ddd3042b4e87811ee45c96498045e8251b177d2871433adf0499d09c276ce38330a3dd07bcd6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
848B

MD5
6a4f0b87ddbac1c7a9e8b5488a7083a7

SHA1
3fbe9533a98986e37f9a73cfb8a206c59f473df0

SHA256
23a9254b61d226cd3a876269d981324c21f7e113ae566675669eac669bff8cf1

SHA512
a418912a484d6f1bfaa37dd04d917078af2442ffd278ce933e0f680d0abd4cc8837a49034fe81826ded566216b33c0186afd3b4924174a3b7d86075152b43f6b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
848B

MD5
6a4f0b87ddbac1c7a9e8b5488a7083a7

SHA1
3fbe9533a98986e37f9a73cfb8a206c59f473df0

SHA256
23a9254b61d226cd3a876269d981324c21f7e113ae566675669eac669bff8cf1

SHA512
a418912a484d6f1bfaa37dd04d917078af2442ffd278ce933e0f680d0abd4cc8837a49034fe81826ded566216b33c0186afd3b4924174a3b7d86075152b43f6b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
1b7f20dbebf718ef1333e39c22d8396d

SHA1
b09849469f4fe58d13246495c795bde10dbeb624

SHA256
a878648390d4648edc82c5811c8b0d08ace9aa5c7157544ca2832ab8c6c3d8ba

SHA512
628d3abd7ddafefcf2d9a75da3849a2ae557ddbbae4a71a75a7cb523ee68d54b95a1cae2f02c13b2d56e41a8348c4822bcc687c3bf4b3baf58db38ebc8df9526

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
1b7f20dbebf718ef1333e39c22d8396d

SHA1
b09849469f4fe58d13246495c795bde10dbeb624

SHA256
a878648390d4648edc82c5811c8b0d08ace9aa5c7157544ca2832ab8c6c3d8ba

SHA512
628d3abd7ddafefcf2d9a75da3849a2ae557ddbbae4a71a75a7cb523ee68d54b95a1cae2f02c13b2d56e41a8348c4822bcc687c3bf4b3baf58db38ebc8df9526

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
bee77213bda005e8dd60cb6b75406708

SHA1
fc06fe204a5c2bc1542b50e7c4896cfd49422ddf

SHA256
1fd44e25475b7f767bc29601076d1fa91983c526407baeb14c1961169dacd27e

SHA512
5aae7df9d6b2711a4f863f696e66460e33b7f91700928e0de8edd5b0727e7ee592d0be068dadb82d8774b7134ca61c38e459d91975908cce41ab5abf62d1755a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
bee77213bda005e8dd60cb6b75406708

SHA1
fc06fe204a5c2bc1542b50e7c4896cfd49422ddf

SHA256
1fd44e25475b7f767bc29601076d1fa91983c526407baeb14c1961169dacd27e

SHA512
5aae7df9d6b2711a4f863f696e66460e33b7f91700928e0de8edd5b0727e7ee592d0be068dadb82d8774b7134ca61c38e459d91975908cce41ab5abf62d1755a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
981fc591003a43df75f01d22265ffde5

SHA1
1e7f77a72fc97bea44c1f32a580a0b97d87a1ccf

SHA256
8b1df2c153d40b5b93cfbb477bfa13a56799e4eff06f07bf22ecff5dde1956a9

SHA512
4830793460d8bbc6e4ff574b1da5b4a6f309ffc70f3f7cbffd70c3b4ce872cc86fadfb227a4ced9e05c2153e61203bbeaf5072f4724f2be17a10b01712a39286

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
981fc591003a43df75f01d22265ffde5

SHA1
1e7f77a72fc97bea44c1f32a580a0b97d87a1ccf

SHA256
8b1df2c153d40b5b93cfbb477bfa13a56799e4eff06f07bf22ecff5dde1956a9

SHA512
4830793460d8bbc6e4ff574b1da5b4a6f309ffc70f3f7cbffd70c3b4ce872cc86fadfb227a4ced9e05c2153e61203bbeaf5072f4724f2be17a10b01712a39286

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ec59cbe87e54cbf20b21ac2c5aa4e288

SHA1
4ab271b38b92155bbc6f5395dd78d0d7b1e662e0

SHA256
ff24f7a8ff5a1dcd68225666141747aef068bae683ab2c28f387eb3ca250c9b0

SHA512
847ba714f650256f55ab7a03df32a1b2529f2b72fc3ac7d41b6f4eed3d2575d865f8f333b63681b546ca5e2c6b0bc4e72b52841363b25ba6cb09b1d92931317f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ec59cbe87e54cbf20b21ac2c5aa4e288

SHA1
4ab271b38b92155bbc6f5395dd78d0d7b1e662e0

SHA256
ff24f7a8ff5a1dcd68225666141747aef068bae683ab2c28f387eb3ca250c9b0

SHA512
847ba714f650256f55ab7a03df32a1b2529f2b72fc3ac7d41b6f4eed3d2575d865f8f333b63681b546ca5e2c6b0bc4e72b52841363b25ba6cb09b1d92931317f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ec59cbe87e54cbf20b21ac2c5aa4e288

SHA1
4ab271b38b92155bbc6f5395dd78d0d7b1e662e0

SHA256
ff24f7a8ff5a1dcd68225666141747aef068bae683ab2c28f387eb3ca250c9b0

SHA512
847ba714f650256f55ab7a03df32a1b2529f2b72fc3ac7d41b6f4eed3d2575d865f8f333b63681b546ca5e2c6b0bc4e72b52841363b25ba6cb09b1d92931317f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
25d8e14215e816cfbc8657e733a6bb59

SHA1
68a7ef57a9525845b5cdecd792d6b1c81acde805

SHA256
4f43e2f1ab9e22ba411f3f9959dd3378ff0bc5ba48b12a29681e087c345242ee

SHA512
5488ae3686eaf6599e1a40839c01c8e37f525a0a9aea842fc6317c6a9cd9bf4c5c8cbaadb55876a1bcdcaa106559cd01f855dfec92a0540a6e867845a8b1af76

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
25d8e14215e816cfbc8657e733a6bb59

SHA1
68a7ef57a9525845b5cdecd792d6b1c81acde805

SHA256
4f43e2f1ab9e22ba411f3f9959dd3378ff0bc5ba48b12a29681e087c345242ee

SHA512
5488ae3686eaf6599e1a40839c01c8e37f525a0a9aea842fc6317c6a9cd9bf4c5c8cbaadb55876a1bcdcaa106559cd01f855dfec92a0540a6e867845a8b1af76

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
25d8e14215e816cfbc8657e733a6bb59

SHA1
68a7ef57a9525845b5cdecd792d6b1c81acde805

SHA256
4f43e2f1ab9e22ba411f3f9959dd3378ff0bc5ba48b12a29681e087c345242ee

SHA512
5488ae3686eaf6599e1a40839c01c8e37f525a0a9aea842fc6317c6a9cd9bf4c5c8cbaadb55876a1bcdcaa106559cd01f855dfec92a0540a6e867845a8b1af76

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
f28be0b65b799dde5ba429a0ab0e65da

SHA1
0db1f2b8320e3cf559cd7e322c24df7c8abc365b

SHA256
36e0fddfeafdeef6607c1d04f293bb042cee4ab0399f6a0642dbd4a693d1bb0a

SHA512
514f2e1aa6249c356edf77ea7e032751887b38e3455dab1f22541d6c3a5a8b1dba41a6ce372d272c924aee812cf17437f527d772f9cd01458d991d9446967ba8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
f28be0b65b799dde5ba429a0ab0e65da

SHA1
0db1f2b8320e3cf559cd7e322c24df7c8abc365b

SHA256
36e0fddfeafdeef6607c1d04f293bb042cee4ab0399f6a0642dbd4a693d1bb0a

SHA512
514f2e1aa6249c356edf77ea7e032751887b38e3455dab1f22541d6c3a5a8b1dba41a6ce372d272c924aee812cf17437f527d772f9cd01458d991d9446967ba8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
79947cf8490cfed58400af994b3c5cb3

SHA1
2deb7e5cd85c677e6e85952c6b4f8ba273e1fb8b

SHA256
0bdf0b4a711431b0721bcc8c4edaddb68c69b9c5136a161fe4d3a8ad391107c4

SHA512
5d88084ab6192b79f2a95e5d5b6e5416a06648be457c2b9bf7b6f5c0b6bd55b716070e9757b335434e6f34072b32e57f6fa45c073eb74cdaf4604d504d22e5ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
79947cf8490cfed58400af994b3c5cb3

SHA1
2deb7e5cd85c677e6e85952c6b4f8ba273e1fb8b

SHA256
0bdf0b4a711431b0721bcc8c4edaddb68c69b9c5136a161fe4d3a8ad391107c4

SHA512
5d88084ab6192b79f2a95e5d5b6e5416a06648be457c2b9bf7b6f5c0b6bd55b716070e9757b335434e6f34072b32e57f6fa45c073eb74cdaf4604d504d22e5ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
79947cf8490cfed58400af994b3c5cb3

SHA1
2deb7e5cd85c677e6e85952c6b4f8ba273e1fb8b

SHA256
0bdf0b4a711431b0721bcc8c4edaddb68c69b9c5136a161fe4d3a8ad391107c4

SHA512
5d88084ab6192b79f2a95e5d5b6e5416a06648be457c2b9bf7b6f5c0b6bd55b716070e9757b335434e6f34072b32e57f6fa45c073eb74cdaf4604d504d22e5ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
79947cf8490cfed58400af994b3c5cb3

SHA1
2deb7e5cd85c677e6e85952c6b4f8ba273e1fb8b

SHA256
0bdf0b4a711431b0721bcc8c4edaddb68c69b9c5136a161fe4d3a8ad391107c4

SHA512
5d88084ab6192b79f2a95e5d5b6e5416a06648be457c2b9bf7b6f5c0b6bd55b716070e9757b335434e6f34072b32e57f6fa45c073eb74cdaf4604d504d22e5ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
79947cf8490cfed58400af994b3c5cb3

SHA1
2deb7e5cd85c677e6e85952c6b4f8ba273e1fb8b

SHA256
0bdf0b4a711431b0721bcc8c4edaddb68c69b9c5136a161fe4d3a8ad391107c4

SHA512
5d88084ab6192b79f2a95e5d5b6e5416a06648be457c2b9bf7b6f5c0b6bd55b716070e9757b335434e6f34072b32e57f6fa45c073eb74cdaf4604d504d22e5ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
79947cf8490cfed58400af994b3c5cb3

SHA1
2deb7e5cd85c677e6e85952c6b4f8ba273e1fb8b

SHA256
0bdf0b4a711431b0721bcc8c4edaddb68c69b9c5136a161fe4d3a8ad391107c4

SHA512
5d88084ab6192b79f2a95e5d5b6e5416a06648be457c2b9bf7b6f5c0b6bd55b716070e9757b335434e6f34072b32e57f6fa45c073eb74cdaf4604d504d22e5ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
08a1396e006ce02d9f157ad19333d5cd

SHA1
6aa61161f9aad126fe0b3db6f7b389edaf15d72e

SHA256
b938291d7772373f34209249d04bf4a3666a914886454117a01f42609b4f243d

SHA512
b6141993dd484315e72732df64305461b3214cd20d1d82c20ccdb52fce9074a56efbd77d815067cbef56aa12b3954e176dafb60d532f6dd10e0312ab0d0dd8b8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
08a1396e006ce02d9f157ad19333d5cd

SHA1
6aa61161f9aad126fe0b3db6f7b389edaf15d72e

SHA256
b938291d7772373f34209249d04bf4a3666a914886454117a01f42609b4f243d

SHA512
b6141993dd484315e72732df64305461b3214cd20d1d82c20ccdb52fce9074a56efbd77d815067cbef56aa12b3954e176dafb60d532f6dd10e0312ab0d0dd8b8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
dbcc962f6814f4a59e4ed4b2d4791973

SHA1
a00ae58f7c1110aa0bdc076115d9556eac1b7359

SHA256
97cc16d6adeecd6b59378d6114ee7d25b1f1cdcfc548d2e9fa261045bf3cde7d

SHA512
b98e5ce2d008e13eca5bd5d7d1762d4b3de314c2db21d38c31f06a6f03ec9f615c882a5fc03aac089379a3d96139b4aa73c8fcdfe6887fd5fcfb44af6091f0ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
acc4cd3c2ab8d9edd20db1ba00630102

SHA1
2adf2816f06df3efa63bebb808e56d265a79c37d

SHA256
0853fa343c1723149c22f4e64cf55f2e5f48bb68848849287eeb6c1ed26375d1

SHA512
316756a187f696e7b9baa0a480263ebc780790112ab62a17404b00d7e0af4337d4620c046f76af62b9497c695d19ff8305ce3f7881d6e3fa1e6f5da6cd7834c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
7KB

MD5
3bc861d6b04512dcb00b5924b01e6560

SHA1
35917e8aabcdb05744cb254288ec189fae67e8e4

SHA256
f384faf8379c38678c0eb2ad93a0c3b7a9026e8f025bbe9f3082403023fa46dc

SHA512
d9b11915b2c545de04087c2db90c77581782953194e764399b917642679f41cb70c5e7cf06d7cc938c1c333d01cc8b4538972d5b5bf9e1c38ba3ac3f5d9f3b74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
ef9760d3737d9852f32abe30fc6ddf69

SHA1
f7c01bc4d2bd5218e90f10abbcf7bc5f2f8a5dab

SHA256
9ccfc6c07e9d2983fd4cac23792895e0577b18b03c3ddc9e5783668f3bc77970

SHA512
477b7c7a344b44fe0526faa3c1007bf752d4aa3cc81560d90cc153fc74780377bc269128cf7072287efda45102161ca4f2a7dfa1b5623f3f9ac71c93e550b1c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
dcd228344993ca37dd275e384fe59890

SHA1
500929d821a47a776996bf6bb9a7a9a960480aa0

SHA256
1c37d60c49c34f889c675e11e38e4a94326e5c29a07ebe6efce45637ecf36465

SHA512
1fc62d3c7aedeaed4b2a3b18d1d9b304addc472d9db1f5d2236d3df7534bc7089023573f79db2fc0a0dd044810fe5f10454f354af9a5c181f1aba4c1b62d5e48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js

Filesize
6KB

MD5
f73e52d124620d05267ba934f3b312d3

SHA1
34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30

SHA256
fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7

SHA512
4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
4757a0404660f9bd7cd9964fc4c40c15

SHA1
6094f48795bc74fb0ee42be0dd4cc4efdaf19565

SHA256
9bacd33940ec26c2b1bf1a28b9b4782eb523d9c0123d7de9afc1d39dde521b62

SHA512
0f81745231202d2efd3d6325e2682977ef51e84d080f11c58643e917319d41b53921d88e07ea79eb83e73adf7ae7e1b62b22dd9880c7daee7fa959a860636bf6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
4a6a3b2abdf55f08d0fb114019b51964

SHA1
901e50dc60b618e00c94605676ab1434c76ee866

SHA256
cf159ebff35d62a9380a470d5ac08e27aeb21c79d3b2aeb70d9beb9ab7b55873

SHA512
c67245a17802ec44a623791007b2bb16ba3795d9e24f6f30b86a04eacc7bba8f13a6ba76d977636acdcdc295ce1c9da806adf0a7f522d8d06e16dd743090681c

Download Submit
C:\Users\Admin\Downloads\ChromeSetup.exe

Filesize
1.3MB

MD5
326cd49ce7dba02f540fbe869ae9ff6c

SHA1
007410b80ec3ad05c26f82797441f82e2b3d1225

SHA256
7b8fc76e93e049f548fdc8ca23b11cdc193b9b3a688d92260bc1cc79360ca3c2

SHA512
f903c12dbc5909de47b88d89dd7cc38931d5956e8863411eef4f23be6633d7634626f3b09259f1eb2fb6c2a0111cf239dae4a3ce0426dd4644739683139db132

Download Submit
memory/2228-327-0x0000000000110000-0x000000000118E000-memory.dmp

Filesize
16.5MB

Download
memory/2228-150-0x0000000000110000-0x000000000118E000-memory.dmp

Filesize
16.5MB

Download
memory/2228-355-0x0000000000110000-0x000000000118E000-memory.dmp

Filesize
16.5MB

Download
memory/2260-328-0x0000000000110000-0x000000000118E000-memory.dmp

Filesize
16.5MB

Download
memory/2260-356-0x0000000000110000-0x000000000118E000-memory.dmp

Filesize
16.5MB

Download
memory/2260-156-0x0000000001920000-0x0000000001921000-memory.dmp

Filesize
4KB

Download
memory/2260-151-0x0000000000110000-0x000000000118E000-memory.dmp

Filesize
16.5MB

Download
memory/4400-375-0x0000000000110000-0x000000000118E000-memory.dmp

Filesize
16.5MB

Download
memory/4400-138-0x0000000003310000-0x0000000003311000-memory.dmp

Filesize
4KB

Download
memory/4400-148-0x0000000004F70000-0x0000000004F71000-memory.dmp

Filesize
4KB

Download
memory/4400-326-0x0000000000110000-0x000000000118E000-memory.dmp

Filesize
16.5MB

Download
memory/4400-149-0x0000000004F80000-0x0000000004F81000-memory.dmp

Filesize
4KB

Download
memory/4400-133-0x0000000000110000-0x000000000118E000-memory.dmp

Filesize
16.5MB

Download