ec33d8ee9c3881b8fcea18f9f862d5926d994553aec1b65081d925afd3e8b028

Analysis

max time kernel
75s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
12-12-2023 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.3MB
MD5

75eecc3a8b215c465f541643e9c4f484
SHA1

3ad1f800b63640128bfdcc8dbee909554465ee11
SHA256

ec33d8ee9c3881b8fcea18f9f862d5926d994553aec1b65081d925afd3e8b028
SHA512

b3a48230fc6f20038c938e5295b68a3f020b94e220ca2fab6a894d126dc41f6f1021c239613bf9d6de84370ad7df9d9a91baf716a87d43eb101ee3e48578e5ff
SSDEEP

98304:j5ObAu2pmits24nYhQCWQdaQQo/mJPv4KYZPKBhYI5RuN4OL2wIjcsJWNg3:IAnRu24nR5QcTvYdmPuWOL2TcQWe3

Score

7^/10

Malware Config

Signatures

Unexpected DNS network traffic destination 3 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2336	AnyDesk.exe
2336	AnyDesk.exe
2324	AnyDesk.exe
2324	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2164	firefox.exe
Token: SeDebugPrivilege	2164	firefox.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
4272	AnyDesk.exe
4272	AnyDesk.exe
4272	AnyDesk.exe
2164	firefox.exe
2164	firefox.exe
2164	firefox.exe
2164	firefox.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
4272	AnyDesk.exe
4272	AnyDesk.exe
4272	AnyDesk.exe
2164	firefox.exe
2164	firefox.exe
2164	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2164	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2336	2324	AnyDesk.exe	92
PID 2324 wrote to memory of 2336	2324	AnyDesk.exe	92
PID 2324 wrote to memory of 2336	2324	AnyDesk.exe	92
PID 2324 wrote to memory of 4272	2324	AnyDesk.exe	91
PID 2324 wrote to memory of 4272	2324	AnyDesk.exe	91
PID 2324 wrote to memory of 4272	2324	AnyDesk.exe	91
PID 2724 wrote to memory of 2164	2724	firefox.exe	111
PID 2724 wrote to memory of 2164	2724	firefox.exe	111
PID 2724 wrote to memory of 2164	2724	firefox.exe	111
PID 2724 wrote to memory of 2164	2724	firefox.exe	111
PID 2724 wrote to memory of 2164	2724	firefox.exe	111
PID 2724 wrote to memory of 2164	2724	firefox.exe	111
PID 2724 wrote to memory of 2164	2724	firefox.exe	111
PID 2724 wrote to memory of 2164	2724	firefox.exe	111
PID 2724 wrote to memory of 2164	2724	firefox.exe	111
PID 2724 wrote to memory of 2164	2724	firefox.exe	111
PID 2724 wrote to memory of 2164	2724	firefox.exe	111
PID 2164 wrote to memory of 4564	2164	firefox.exe	112
PID 2164 wrote to memory of 4564	2164	firefox.exe	112
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113
PID 2164 wrote to memory of 1172	2164	firefox.exe	113

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4272
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
PID:4236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.0.458339115\1870657964" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2403357f-bfd1-4a39-8a33-579af08226ff} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 1964 2e65d1d7e58 gpu
    3⤵
    PID:4564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.1.514382965\1554535211" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2324 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaa3bfd6-facd-4ce0-90e7-eb1726038938} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 2364 2e65cd32958 socket
    3⤵
    PID:1172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.2.1356168101\1287100215" -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 3032 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6846c645-3155-4926-a626-78706bffe867} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 3184 2e65d15fc58 tab
    3⤵
    PID:2324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.3.220500936\796062151" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dbff0e9-46c3-4688-9448-a8da06d53390} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 3564 2e650962558 tab
    3⤵
    PID:4924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.4.1479087454\433412937" -childID 3 -isForBrowser -prefsHandle 4468 -prefMapHandle 4464 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83a3328c-d9f4-4ba9-b9c6-8b3e6eaca339} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 4476 2e662e92358 tab
    3⤵
    PID:3644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.7.1301100272\713163094" -childID 6 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8f3d615-a762-40de-b117-b36af612c9c7} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 5480 2e6636cf858 tab
    3⤵
    PID:4800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.6.1887230352\1944330807" -childID 5 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00ed80bd-6f3c-4e3d-a0f8-1dea8d995ad0} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 5196 2e66339ae58 tab
    3⤵
    PID:1656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.5.472151409\731342021" -childID 4 -isForBrowser -prefsHandle 5036 -prefMapHandle 5052 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88f92773-fd97-445c-8109-39a5a379e092} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 5056 2e663399c58 tab
    3⤵
    PID:4028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.8.1634537180\1325983600" -childID 7 -isForBrowser -prefsHandle 5736 -prefMapHandle 5732 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bd94c02-e301-496b-aaf1-59a58b69b186} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 5748 2e662e92c58 tab
    3⤵
    PID:5628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
32600ba50485c233700cae5d454ebbf9

SHA1
373061430dd92fc01fa3128c4b2bdf18268fae74

SHA256
f349f1df5ab6e0d904f2af4cc2900f615bf1a65a7f10db440260686bae2527b2

SHA512
6001f456a97630b6f2a9a9dd84c53844376689e2b98bef3440de3abd97d13cd6034e13bc07ddead4e5591ef42a2e1ff4850a8ecda2b81a897b959af64d582908

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
30KB

MD5
7d66cf86b49f4533a46bd60a71a783a6

SHA1
80bf85c706c44a950efde306b2919a368943618a

SHA256
c50223445e3027ee0b14cc8f095d8ac25b926fd1ba487937d7a389ae8344bcaf

SHA512
df74fc7eb2edccbbe3a3323b135a0d4551840940d924a0eff800c8fb49d99e54a31994227df4b774250e052e788167cee08892b973eb60576cd1a0e2244779be

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
fa6798c1807c0d1c4eac928a0493d214

SHA1
61af23eaa9ac55957b1e4418e7b9328e4beab0cd

SHA256
218dfaef30e05bf1d86986330b6220609100f58ca96fbe5b1c44d462f10d15d2

SHA512
bda211a75ed908c7980a1b171438930152841880a0d941e64c51bd2d610b261b9a8e1ee3ad7981d75357ed790b14707bebaa133021518f92ac88a171014e839e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
1bc14aa6eb9ffa0d5da624305eeb6407

SHA1
b54b4cfc4b4a1b8d20f3aa03fcec65b3bc52cb60

SHA256
486e4feb1a07f2ce81b21f43e87d41d6d2c77d0714ecaf09bdd044a8156a8367

SHA512
ba176dc12c89f8f48f8812724cced55b0b45c7cc0e25d0705fdd0a34551d3caf6384c8c2c76382211b25fc6b11cddba2e9f6d74c75c8881c63e2f4eb28ff5c5a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
e0f8719f4fd3dfd49ee781b5c1fc8e78

SHA1
1a6b17dbc99d839877150e6b2fe868265ac4d64e

SHA256
18e1e5b50e91c971e9c15025c3e607ba4a90b5b14c1a8702990770edb6b582da

SHA512
50933308d937d714f9f99d90126a122c868f182b155e35e495fedfae93fcafd8f0a3236e5c9b3a3661dea379d9f74861ffe3a037bb8fea4f8f4f398055a366b3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
fa90ac1914033abcb79a7a2206f0da09

SHA1
a515a8f0330bc2c8d0aae57b4d5eb8019e0063f7

SHA256
7fefb06f6d5ff4e41883d3ec6791b04e7d589bb31bbc382443ca50d82b24c37b

SHA512
457e7a766e8f013abb7243e8d038b55551b1c3f556c7544971786182f18f1d57b98e22c5e0c01cb27d6c82bfa12a1dd7ed7a2acda4eb58d0b0a89593525c314e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
9c030fbab57666b96f8afeb46cf6fc61

SHA1
30dc17186e5ab63d521fa1120fb358a5619ee4ce

SHA256
0fecdc808182f4372a2df0e01195bc99805894d9c625455e1b723cb8b19e63f7

SHA512
545abb5d4df3f566d14bf51896af026a39526577800e5d8b7af2e2488031e221bc51bf109a5fefc27912f3d4ebc2c61b9884e10371cd1e98af99c80f789f70ec

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
018173475e42e8e8e97133b58030c8c0

SHA1
4c2f65a8a7cbf80faa1087d591edc2eb1cf18c61

SHA256
dda30a03ac7322badb08d858e9321cb8ed279331cd403ee3385057fa6b457e51

SHA512
8d58a96bac185060245745945ea4b13a8b248c2860b5ad0192041c9df56632cbdd88a0ba2c2b0e170facf2c071ec90f7fb53122a8ff2bafd72108b8b6470043b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
802b05a414132065f86e0f41988ab6a9

SHA1
e0115748e7c11d29e65086322587e398413f4ca8

SHA256
b486e3217cf1a6b3d99e26e8b455b822ee4f961e8fe30b886ba8a51d5ea78855

SHA512
58d7e6a5a7f602b24088324a0a8068b5bf97508b054799ed144c30ca93916a9d6b911682d73c7d2640fb8901c2ecf95b74dbf797e47504cfc028dee267d41620

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0f7aa31959007cc0e369f6ec8b55eaaa

SHA1
a5260ce1b5ab8428aaee79227466a4219f96c486

SHA256
9ffc2ad2d4bc839eac975d4bf58d3cfe62aeb128735d6f8db6087d04ab7073c0

SHA512
472a689434f099021ced847998ad0ab3e81b68d8a0d08a94690f2157656b9f90d124209a0755e86a3886fa5d2621242af4ba19eab8c36cedf47077088db4bb70

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4e551bb6df397233eef734ce747f961f

SHA1
6ace374ca14036d1712d01eddef330614530c5de

SHA256
cd42a040ec21f15cb053a3aae179f529c142cf8f62eb8693213170a61578bb04

SHA512
ca3c82a0033d4257b4eb5d3be5abf6a3088623efa9ac611918b6183e49e38a292e49b295af541625c8d48303f0d34080583776c634f897b47d49ed30999418f0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
a0b87749f2fa07792b863536ed186e2b

SHA1
ce1d061de7b422b1b62addba2f22101fa6954541

SHA256
60bc29d2badfc175f1b7201171a8e856d49ae498acca99126f1f62258347d9d6

SHA512
4025c9cdaaf5084412ef9baf8a412e70506a7b8c772efee5d2be9fac6839c9cc0cb6971349e5b83230be67cf4a16fa26ed14f7351a68697a62fff02aedc05a2e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
2849bada2189e2454473cdd8efd9c0bd

SHA1
821531b2f34e3599a999ca74e26aadd0784cab97

SHA256
984792530b13a7e534331377d90888fed20c04fb384e3e0446337d25512bf9f5

SHA512
fc7b9fb28c26c12381fb96203e260e82c4ef3c4c4518f155d1419dfdac837595c5ba2d235fa93e309834c0ec1620aa7ee032401be4e8e5db91803c546d59ca6c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
3018f110cd38369deaf7313a75542962

SHA1
78adda972e24be3710e16b090d6e8632e7c84441

SHA256
87a668d7066142488f3aafcaa04eb6e3d371be2ffd59a3acb1acffc40e0e34f4

SHA512
fde0b419c301d833e59e3c7e8304f6152065118d68fe364e8214dcfda205e95fc11cdb8893b41cb87b29489396c5ffd7ccc255287c2d38814510001aa6b9be69

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
add1386699906b8ea00fcbf351a97f70

SHA1
fe3cd9af1e3224c1cd34f606e127a99a43a5921f

SHA256
4aa043099c792c0ebff0c29f250cd0f3e3bb6d181771f1e9cc8658f129164138

SHA512
0049598eb18fb119a8cab0b20f988893d0b6d5004544979cacddcdbcce070ced11d609e6a8fdda8a3549fd68c82e876feed3286cfe1047ee431d38bea948d98a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
bb781a1d41c0ccb26fefac4653af8f22

SHA1
9bb406554f6d394e2b7ec13f36998b45ccd95dd5

SHA256
aeeeaae891719017ca0b4a2d8ae15bb8a00f9f637b26d9dca2c1a25c4f4d8c73

SHA512
8a4e03ba462ed00b3da9eb9849341da5be0d376dc04fcafa5c6e91f62b1f802e586ad028a558b8a6a702bc5053fc8d2527a58b50428d4a36b5c7c9e82f66ff43

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
c03c55dde245cd42f8ca380e5d833db8

SHA1
cb1acd7c0fc164cb3c9f12cfa906aa861fd150e0

SHA256
978d8cba1c5e29860466cafadf25cb86bc83f20af365ae6948ec68413b88c06f

SHA512
a39e8ff09107cfde3d3d7b460d60029de67b996910b5d587d2ec38f4a7ed42b57aa7d22deea235c84a3fe391a655a457a625c693e46408653c700e9634c45cc0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
d58c3250295321cfc2cfb94c123b5720

SHA1
b284432a69bc8b72f512c81092c629c6fb7c2e66

SHA256
d62136256f91b1387340ea084f704bdd91c7ecc7b6bfaa4d5506423393486515

SHA512
711f1d3146d001d0706ef1585a1067368300b6636e28637aaf907ee56d29173b9c989fc5c5ced28c55e7bc56952fa77d76fcc58b0e6714e87cff43a6faaab964

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgq6oxqt.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
502067275a8a11927be6aee520f71fb8

SHA1
48ef316eabb7c906d508b1416e84103b369d25de

SHA256
a87795c704e11acdda6800ad90501a96014eea2d7163b90c887845a5e83d45f6

SHA512
2652d3eeddb13f22be9d6fa1303f217c483c4fa71f2dc0bbfd8e6b6a71a96aa5177ff8fe86a8b71538263da8fb710bf75df8f546984e0c1afe7612701bbe6061

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgq6oxqt.default-release\datareporting\glean\pending_pings\392c84a9-aa60-4c6d-a2a4-271f7cf9263c

Filesize
734B

MD5
bde84971b3943e3308374a44ac417fdb

SHA1
4aeaa68a2ea6e4ea6c936882c9f4b013d9980254

SHA256
68302610e96bb146159e5fc8b512bdc9f636c10edf501b94f3049bb4e526bbd3

SHA512
22277ba51dea5ab739e042104b9d32dd74b7db69b87fcb6391a9b411252cfd3b9d4f39554ae819d3ac62a3d25ddb48f42bb23bc95574c2a35da9e144ab3321ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgq6oxqt.default-release\prefs-1.js

Filesize
6KB

MD5
4441ea954af38ce58a7ccfb5bb0ef668

SHA1
1328b856e4b61327dac59ad26c4aa6b603a259ca

SHA256
4c42e91b4b763c761699da536c1425bf86e41aa3951889ee7a30044ad2f52db4

SHA512
044f263b68b3b567610f5166b2192eef1f7128230d5994a4c65d6b260975ecc6bbeb93a4bdd2ca5f7f17f61a42bac6cf708c26c796baf3cd6a66ffd26ca5dc99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgq6oxqt.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b3b11cb5ef7a2f0f304b1f9a3fc3d51a

SHA1
258774416759bcae403462a2a4c7848cfcad340f

SHA256
d7075006fb58cb4122445f283b093ef4bf7b43a5a405f07147325f36dc8b9351

SHA512
ee44acdca0d7fa8d1a83e83ed731ccef8736fd9d96762457617b139d442ae7d2007f44421091b639bbd89b45f65fceff217014076ec3e9afe361deb5b79e0058

Download Submit
memory/2324-143-0x00000000086F0000-0x00000000086F1000-memory.dmp

Filesize
4KB

Download
memory/2324-92-0x0000000007960000-0x0000000007961000-memory.dmp

Filesize
4KB

Download
memory/2324-1-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/2324-0-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/2324-4-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/2324-142-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/2324-36-0x00000000060D0000-0x00000000060D1000-memory.dmp

Filesize
4KB

Download
memory/2324-144-0x0000000008750000-0x0000000008751000-memory.dmp

Filesize
4KB

Download
memory/2324-145-0x0000000008760000-0x0000000008761000-memory.dmp

Filesize
4KB

Download
memory/2324-37-0x00000000060E0000-0x00000000060E1000-memory.dmp

Filesize
4KB

Download
memory/2324-91-0x00000000061D0000-0x00000000061D1000-memory.dmp

Filesize
4KB

Download
memory/2324-185-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/2324-93-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/2336-152-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/2336-38-0x0000000003FC0000-0x0000000003FC1000-memory.dmp

Filesize
4KB

Download
memory/2336-383-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/2336-104-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/2336-11-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/2336-107-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/2336-12-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/2336-97-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/2336-347-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/2336-315-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/2336-223-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/4236-222-0x00000000078C0000-0x00000000078C1000-memory.dmp

Filesize
4KB

Download
memory/4236-221-0x00000000087D0000-0x00000000087D1000-memory.dmp

Filesize
4KB

Download
memory/4236-229-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/4236-212-0x0000000006040000-0x0000000006041000-memory.dmp

Filesize
4KB

Download
memory/4236-343-0x0000000006130000-0x0000000006131000-memory.dmp

Filesize
4KB

Download
memory/4236-211-0x0000000006030000-0x0000000006031000-memory.dmp

Filesize
4KB

Download
memory/4236-194-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/4236-376-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/4236-186-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/4272-16-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/4272-35-0x0000000003E10000-0x0000000003E11000-memory.dmp

Filesize
4KB

Download
memory/4272-98-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download
memory/4272-348-0x00000000005F0000-0x0000000001DC0000-memory.dmp

Filesize
23.8MB

Download