23b661d7bc171cd500d5096456905283ffe06479582b62d3bd5066633935d43e

Resubmissions

11/07/2024, 07:39

240711-jhaepawcrp 7

20/01/2024, 15:25

240120-stl3ascee4 7

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/01/2024, 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Program.RemoteAdmin.957.14433.19117.exe
Size

19.8MB
MD5

7caa1ef1cdeabb6c7487d66bd172fcf8
SHA1

a95d7098080fc3994ab434c2a5c4ec8f85817b11
SHA256

23b661d7bc171cd500d5096456905283ffe06479582b62d3bd5066633935d43e
SHA512

d4d13f539ce2e6177be3c06bab29fb69964424176a5f7573f27bfcdf87fe73b9b522182460331523f1421c0490e4c95b3a864eb9152df8bca7957916b85c5ae1
SSDEEP

393216:Mdvr3DHhPWjmUASYlYLGE3+6Pdj/uVDVU3LLHf36WAaS:SzTHhOjCl3b6F85UbL/36WAz

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Control Panel\International\Geo\Nation	rustdesk.exe

Executes dropped EXE 4 IoCs

pid	Process
3484	rustdesk.exe
880	rustdesk.exe
4344	rustdesk.exe
2628	rustdesk.exe

Loads dropped DLL 46 IoCs

pid	Process
3484	rustdesk.exe
3484	rustdesk.exe
3484	rustdesk.exe
3484	rustdesk.exe
3484	rustdesk.exe
3484	rustdesk.exe
3484	rustdesk.exe
3484	rustdesk.exe
3484	rustdesk.exe
3484	rustdesk.exe
3484	rustdesk.exe
3484	rustdesk.exe
3484	rustdesk.exe
880	rustdesk.exe
880	rustdesk.exe
880	rustdesk.exe
880	rustdesk.exe
880	rustdesk.exe
880	rustdesk.exe
880	rustdesk.exe
880	rustdesk.exe
880	rustdesk.exe
880	rustdesk.exe
880	rustdesk.exe
4344	rustdesk.exe
4344	rustdesk.exe
4344	rustdesk.exe
4344	rustdesk.exe
4344	rustdesk.exe
4344	rustdesk.exe
4344	rustdesk.exe
4344	rustdesk.exe
4344	rustdesk.exe
4344	rustdesk.exe
4344	rustdesk.exe
2628	rustdesk.exe
2628	rustdesk.exe
2628	rustdesk.exe
2628	rustdesk.exe
2628	rustdesk.exe
2628	rustdesk.exe
2628	rustdesk.exe
2628	rustdesk.exe
2628	rustdesk.exe
2628	rustdesk.exe
2628	rustdesk.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3524	icacls.exe
3356	icacls.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\RustDesk\log\rustdesk_rCURRENT.log	rustdesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 2 IoCs

evasion

pid	Process
3932	taskkill.exe
4420	taskkill.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3484	rustdesk.exe
880	rustdesk.exe
880	rustdesk.exe
2628	rustdesk.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3932	taskkill.exe
Token: SeDebugPrivilege	880	rustdesk.exe
Token: SeDebugPrivilege	4420	taskkill.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3484	rustdesk.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3484	rustdesk.exe
3484	rustdesk.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 3932	5052	SecuriteInfo.com.Program.RemoteAdmin.957.14433.19117.exe	88
PID 5052 wrote to memory of 3932	5052	SecuriteInfo.com.Program.RemoteAdmin.957.14433.19117.exe	88
PID 5052 wrote to memory of 3484	5052	SecuriteInfo.com.Program.RemoteAdmin.957.14433.19117.exe	91
PID 5052 wrote to memory of 3484	5052	SecuriteInfo.com.Program.RemoteAdmin.957.14433.19117.exe	91
PID 3484 wrote to memory of 3524	3484	rustdesk.exe	95
PID 3484 wrote to memory of 3524	3484	rustdesk.exe	95
PID 3484 wrote to memory of 3356	3484	rustdesk.exe	94
PID 3484 wrote to memory of 3356	3484	rustdesk.exe	94
PID 3484 wrote to memory of 880	3484	rustdesk.exe	102
PID 3484 wrote to memory of 880	3484	rustdesk.exe	102
PID 3484 wrote to memory of 4344	3484	rustdesk.exe	100
PID 3484 wrote to memory of 4344	3484	rustdesk.exe	100
PID 3484 wrote to memory of 4712	3484	rustdesk.exe	99
PID 3484 wrote to memory of 4712	3484	rustdesk.exe	99
PID 4712 wrote to memory of 4420	4712	cmd.exe	96
PID 4712 wrote to memory of 4420	4712	cmd.exe	96

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.RemoteAdmin.957.14433.19117.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.RemoteAdmin.957.14433.19117.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Windows\system32\taskkill.exe
  "taskkill" /F /IM RuntimeBroker_rustdesk.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3932
- C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe
  "C:\Users\Admin\AppData\Local\rustdesk\.\rustdesk.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3484
- - C:\Windows\system32\icacls.exe
    "icacls" C:\ProgramData\RustDesk\shared_memory_portable_service /grant *S-1-1-0:(OI)(CI)F /T
    3⤵
    - Modifies file permissions
    PID:3356
- - C:\Windows\system32\icacls.exe
    "icacls" C:\ProgramData\RustDesk /grant *S-1-1-0:(OI)(CI)F /T
    3⤵
    - Modifies file permissions
    PID:3524
- - C:\Windows\system32\cmd.exe
    "cmd" /c "taskkill /F /IM RuntimeBroker_rustdesk.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4712
- - C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe
    "C:\Users\Admin\AppData\Local\rustdesk\.\rustdesk.exe" --check-hwcodec-config
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4344
- - C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe
    "C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe" --portable-service
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:880

C:\Windows\system32\taskkill.exe
taskkill /F /IM RuntimeBroker_rustdesk.exe
1⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4420

C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe
"C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe" --run-as-system
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\RustDesk\shared_memory_portable_service

Filesize
23B

MD5
a5bebd73bed55d5d7a77570ae1a7676d

SHA1
ab3acd9b20bd7c1cd61cc5f734e552506b6cfafa

SHA256
1c8bf79e52186adeac79ee1ed5d6f73c8098c21e5a0ebc33af93edf8b9168d08

SHA512
813c708dbadb234d93109772262faba5bb1b0958d0bee4dc21ca1e6060a8bbfd8c66eb768ab0b0fade551e57051123ebfae7e31284f814db842e9ef8a51669e8

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\data\app.so

Filesize
751KB

MD5
6f68c919162a60674a239aaaff6d52a0

SHA1
49f39db60813da4d5a73e92b58961aaf24d30f66

SHA256
3dd273858fa7de64acdf1d6b21f8d83980834f939901e80945df87dd0ada0db9

SHA512
2294acd97345b71d4a738e86baf19a781571f73368dc9ab4c6baf27d690e64a559819a41e4b96c2f1276d6713b962e4d55e772c01a8d1d9892881a9dad1d48f5

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\desktop_drop_plugin.dll

Filesize
100KB

MD5
ca94e80a8b21831f11aa116f28f16e43

SHA1
f5f54b7659940220b0cb9268dfe246c55ecb3f85

SHA256
18c4d2cc74ee8bd4fcaa23e7ff188f35a761021b1ebc41205cbdcb916d3d5c73

SHA512
c63dcf5efc99e322075268ffeb4f78b40f79215aff7dfce3dd30ffb5d651fb355f8cf0eef2d1e0df1b40cc4cb50047f1eae3e8558aff7c658d41ca0c064ec986

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\desktop_drop_plugin.dll

Filesize
332KB

MD5
a08b6b4b8fca511c4ae5f0c3ea2b3b52

SHA1
f4062878489cb76259546f535fa5b0cda4500e06

SHA256
0de513f799226c86365295950821725eefac3d7b094f3b1c3dc7b8cd92127564

SHA512
a08af29dea6c0c16caebd2683ca1413aa801358c644029f728d2e4066998c0931c95a1c65781fe58927094d1df3e48b342d0f65efd370c8d094a64cc9af1126b

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\desktop_multi_window_plugin.dll

Filesize
358KB

MD5
ac9fb7dff4090833a61a3480e3a32904

SHA1
3076542f071a0f31138e792263cffb6d2ee7e92b

SHA256
4954ca0f77d4fab559d550744d6f518ea0695ae54b9ebe974ed8a723840c2dfe

SHA512
5555316c9f808479f6f7672a5fb6401a1897034dc5f199696ab5a6682bd63569a8b94fd0ff59a39fdde00f7600d8ee4c19d6fb57f16a0e7d0452b0d8b49b0f09

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\desktop_multi_window_plugin.dll

Filesize
55KB

MD5
2d4c4f2f66e067f4a881574ee8100b0f

SHA1
6ac128a594c97d11330bc10c261b33d9ad597199

SHA256
152aa32c2b4ffcd641d32ccfd03ba9890ba9eb6e88474b9d4b5ed1bd5bfbe842

SHA512
0ebfcc2368f59d2bf41f338f563b3232eb409e9ab6968b63ade92e9b54031226ee22e76511203fb671968931e63faa959500e79eed8c555b130c01ecf7c502db

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\desktop_multi_window_plugin.dll

Filesize
405KB

MD5
19964243f81efea4cb3c756fce35fc87

SHA1
5cad8ee708732f6076daceabf6939edf8d53e116

SHA256
f417bde8a0853a612c0c9e81e28f52795b052180788e001210ed3fe09491103a

SHA512
df5d97112018a160675d5a0fc8b262f90e4c745f58af9e09089bf66b8e18f6cfc619856cac1e4adc2ab827324b899dc1fc48e318554378417c0f3b5b11704825

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\flutter_custom_cursor_plugin.dll

Filesize
218KB

MD5
f11986a549a9bfa5634b27e19cbbf86d

SHA1
922f62039609a2df18f5a30582bc2173f834c5b0

SHA256
a1c1f9ee6b2df7604be31929e497a0942776ab867e947c137606bc3d86690054

SHA512
57ceb38ccfb778e5e8fcf5776a5dd22ef64197d518fc5151f3e338688fc3a38751a085fe50abf4c36b0be8fd603e840f6d43cfb9c442084a812aa40268976f46

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\flutter_custom_cursor_plugin.dll

Filesize
139KB

MD5
9f2e291c27bff1812d1495597a3da63a

SHA1
9f3c04e379f33b44cb9cbc250098fa6d87e515fb

SHA256
d7b95328bcaadeef0123758adfa8772e1b7ead8499813d00973b9a28c44a96e0

SHA512
61157afa0f405bdc15f447d3e33ef9fc2d21fdeabc518b39f17886062c3b613054593f1c498613b5ee5be301b5d5bf6d7fb7fd6f8bb96f57cec3383b3f209dbf

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\flutter_custom_cursor_plugin.dll

Filesize
322KB

MD5
3c710c1e1025ef0fc8cdfc9f746372ac

SHA1
f46ada3ba09bce3457cd5ef0f2ae22ce7dad5fe5

SHA256
39884f09ce034d7b3cabbe3300ecea3d4731835acede66b7b213c46277b5695b

SHA512
00617fc61eec40590e5e702ed8a055e553d80908ef12469ce9a9373125e60f1157cd9accc717cc5273bdbb6deb55ba6d5f551ffc66a37e2609633e5a2e504af3

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\flutter_windows.dll

Filesize
1.4MB

MD5
c6cff31e86cf6329436004684d22ba09

SHA1
79e02a9603ffbf0ba9a504a0c28a73f16791c555

SHA256
c0490adcd6227db929a4546209d76c33c7a9b6929f947893afb14e4002aa11b2

SHA512
98a7f690d130b30727953da7a7e7c1530da9cf05cdb654c2ad3d500357d839dbc41c07e5790af4bac37db669cb7fc4b939854ccb8f1196a3429ccdaaa4adbd49

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\flutter_windows.dll

Filesize
1.8MB

MD5
3a90da81689d13cae5c3dcf34f129c7d

SHA1
1d666801e75eccbc54a65c68cba02e96a14e7fdc

SHA256
75bec0b8be5f1cb93635e4b6a8f3b37953cf6f0cb3e4b2faf53714414b78328f

SHA512
755179439464d29ff2346e691a8b6272b8650b5d5ca1db0c8324e4a6be81159bddf0d84bc3ca360cf524987502989c2f3b572cc21c29adc41e526dc9b72a9bb0

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\flutter_windows.dll

Filesize
1.7MB

MD5
f31e28580962c4ccd43663215d7f078c

SHA1
e1f8642f2fc4d972ffcc969cea006ea05fc27f07

SHA256
b822ab436100b17c51a647165e3fa8198ec344a41353331cdbad693474b84f9d

SHA512
7eca41a209c6b2cfa523ec10fbbe3f6076360ccdd0a59c143827362b18a23aca3e62b23f23b35562b6646886b8e7287420ab534f3372aae8422d88979052dd36

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\flutter_windows.dll

Filesize
1.0MB

MD5
5429068d0d182b7ce8bfa0a5b5102f89

SHA1
f036c6c06f367af043aebdc05b01811476ea7b21

SHA256
69c84c03bc8df0c1d8b83b74f9ef34b6fa2b58cae11569e4b98353c5424c4ec2

SHA512
12fca2ebca666a530f999fb7535a56f02d8a444c7f727aa7e68c3d2967b8c0c81d0355c9a289c906298b5ac3f940fbac72f5af11e21b42c06157230fec351f9e

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\flutter_windows.dll

Filesize
175KB

MD5
2bb692d49d26cf12d7c90767eec7dd3c

SHA1
93953ab9815bcefbd2650c41e70795017a9ce4bb

SHA256
e18d2820bd261c1e0aecbd46ef8c7bfbc346d3b49576cbb10ef4f16e404bbb48

SHA512
60259eb79bc7f9b54d21eca6178902732b940acb57bf91f25cdf22565e49d15a9029d8e91e1cd334d0b0274804535d17db14887c491296f6b62f84ad9c7d1956

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\flutter_windows.dll

Filesize
192KB

MD5
1f8c3fe3451097e3474bbf16b76ff4b9

SHA1
8203ad6147d96af189f3b944286a9a79f0b66fd1

SHA256
f777ec13289051ffd0598b3b5e70d8b5a6f1782b721d2c734a09c2ec6e8eb1d4

SHA512
baa94f89b0560ec11bb5fa977ffb8ac02d4e176d10dc1d19c31f8b6328e4577a3c98829edd7c9d315df9c34acd295ccf7af3ad3b4f91c65e39695c2f1149fca2

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\flutter_windows.dll

Filesize
57KB

MD5
fc106e9a5e41df823e2586fe0af3fbf8

SHA1
9afa252964501cc1507112b3c98e9752f60b12f0

SHA256
1bcbc9448910fb179b51ab58974e39bd8d197fb0a922a46ef75d01b2871f179f

SHA512
982028df3fbed4c67fa6c62e4ab723e63483875b82018b8f14b25df4c1b793b77df70d78bba7dddbb955357f958a0c19c98e6132b63cf392130471f929f2f219

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\librustdesk.dll

Filesize
939KB

MD5
19b2cde48efd3f90b50439941c71dafb

SHA1
82bf204165eb35a610b4396b8c58bc28224499a4

SHA256
a25ae0666395a0629522e7f10566a293096cf92b88eb117fa81d1711138bf1a9

SHA512
96536634b23c87799cf2a2c72e722da43edb812548d797811557a08ca616cd03abab46ec3c0bdb0c09b7ed600aaacacd985f555ad2c3acd94387c43b3fd928d3

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\librustdesk.dll

Filesize
877KB

MD5
748ed308504146c06f00400439eeef04

SHA1
8f3b0b56f2caf2e758964e964b5c48adf5e01b6c

SHA256
e0d5fb977b1e39d66a6ea13a4a0c92267bdf7b22ffab6ac6fad3ccc69c45902e

SHA512
77ef4ab3d79e4f0b8f214045f86d0ba35600ec8195ed493b8fc9df4b289894a774af14432b76698cd4f10853fa88e47f5d7d9baf1f3b50a230fc16cb3902458b

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\librustdesk.dll

Filesize
186KB

MD5
f76b5302a4c9228827441c3b2e6806a3

SHA1
a939ffc09b75869786aab474d5557878d3c2abd7

SHA256
209d1437cd734b80dda82b76c7e54334fe37784cb0048fc11c11f67085fe32b0

SHA512
0b63a8a7d617058929979d7480a6756124e2ca9e842fe9dbb5cdf9cb0e038bc9a054e764e30b9073064aec645278db644175d1f4f164ec690b37fc607ae79100

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\librustdesk.dll

Filesize
7KB

MD5
aad0c8f7fd995e930d87a973c2b8033a

SHA1
c54fbf5c2fc8f3912ef04a8ed19ebf810086926f

SHA256
8a4bd01cea129a99e4322d3e8cd5ccc6dc3e2c03da34f8b15b0d2a76aa465f9d

SHA512
3d2bd78ca4ce4dc36b73bf65086847486ddb5407bb80a017f46c596a5aeb7a6a6fbe784812850f9a21e8cd76385664b164c5a4b5b9b92e0e451b0979540f32eb

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\librustdesk.dll

Filesize
104KB

MD5
1a50b9e4a7a81556c3edc672ce882e0e

SHA1
b887524fb9c102a42eb525da10d9d595e64553b4

SHA256
f2c9b8cc0a25cafade2f59fd677d2c3d0e251a996e454073d9650b55e0581424

SHA512
ef6e5818eb8d95170379410e9130643b9fd372902b89d6f66d203e2722e86bcb52bb038b32c320528aebd3f90eab2d40e1835b50d192b380caafd88d6c152dca

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe

Filesize
191KB

MD5
f74bfbcd023ffbf6b07f8507a0ef73a7

SHA1
dc78a7afde62e88048c2a8f04284b16010c5f9cb

SHA256
dcf6095358ce62a5e6b277e109438fadd43de34c6516b08d99b7f26af55555b9

SHA512
0b982e1e3ba0a90b7f4e5638218557a0e92334840b1b995070c8eb7f7226ccfb79cdf86decfa2c28346cc95164e334efb123916de97666f8da033d7ed3057d73

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe

Filesize
225KB

MD5
5b3b19141ad932ed544537de5223d6d1

SHA1
5083781a12bcdd9f8419eedeb263b5f9a694c3af

SHA256
55490aa1a88b10bef803686cb2ab2a3be84d476f8a361768c382bd2bdcb1f0d9

SHA512
98bde670a4fbefe2f5e6db460d7314fdcfb6206f56128e19f1266983710e46f8695c9345075a3786d44d0d360aff86b627a69e1940a2857c23de3939f03b33fb

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe

Filesize
266KB

MD5
272595dc239c416f97d938edf06b2fff

SHA1
6fbbf0629226d0337f62d09847a569ccfeaab7a5

SHA256
e8f370f8029b433f481333ffb7887f3dd8b91ebcd9e8cf8c81787c9de07da86f

SHA512
e430c87181aa41f6cd8aa32d92d729059f37b474ef03ea74bbbe18eb9b172a2bb423345139c5af833edea86864e6b8896f02ebc85741ecef29a4e62a3868ab15

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\screen_retriever_plugin.dll

Filesize
557KB

MD5
09c5f77b487c525230d287f72b155699

SHA1
16149a40680bd9d8e43a51a06282c2cb3b61a7bf

SHA256
ca71b91945b859c0e9af9c97e64733ab30589b16ada39095a03a00fa4fec64b1

SHA512
2333795975999031d5d1ec2235f9f0b6f57a24aa1b95223161c05a429935e6c80187e08cdc3a54459fa6274086110e22b490d922bed5546f27c42323076b0920

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\screen_retriever_plugin.dll

Filesize
192KB

MD5
a8f5037d5fc2620789af84e4b4a8e7d5

SHA1
9e13c46f719cfde8896918b7c453ba0ddc9b077b

SHA256
c8d117f7d08468de95798f8fe66a3482c00b5c3dd8dd4ebd2b421750918030f5

SHA512
fa5ef485eaffcc8baa80527059de39cb49a3a4ca46c958fb0ccfdbaec44690eb2799af886f722304ea39343c1206fc5fd8bff625a90e82d6f8495ece4cd93f44

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\screen_retriever_plugin.dll

Filesize
145KB

MD5
bcdd932d637d64cf4f223fd9923962ca

SHA1
b027b41ee824d47ab50f002e0412bde9c6b9d8bf

SHA256
1ab138d4ce17cd54d52a84b2ad11b479d2473b551fcd31f3b9a364cfad9cf8a1

SHA512
b293e13c66d8c32880d317e135266ae25a12a05508e3c0eca624432e03763c930e49cde8b9e9f86bb909d49950ac3b4fe3d9990b7a1bd8e08bfac1fb91840b52

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\texture_rgba_renderer_plugin.dll

Filesize
335KB

MD5
79ec6a8d69d00ec85e0d4bca4ca9f4c3

SHA1
c012a435e705e0102e981ebf5e252a429959613b

SHA256
497eef7df50108321a25940b858db0f5e448a0d2384ec3d2038c6e360f593ae4

SHA512
77de26eda07803070288b5376cafca8475a153986fdcbfc1c742f4224b09b9c8746bf87db7175b367125255593c07c7bf16554f0f4b06d444c5d2b0902452cb4

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\texture_rgba_renderer_plugin.dll

Filesize
214KB

MD5
e2084600d94f00740e3edefe35013323

SHA1
91454701deee0f2ee7a51bbcd189d8f8b07893c4

SHA256
88b83f3163d745904dd90d1b0986a377d276f78230ad34a163ccbbb703a5ce06

SHA512
617660e71244f69024346ae324f19c93858633f530e96caf5a41a5bd5966288e66a6c03b192e5c5c5465962b5b7046f23714752009a277501af698570d60b9a2

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\texture_rgba_renderer_plugin.dll

Filesize
104KB

MD5
bf511ab505586f83468da2521e914873

SHA1
f498f0261f8e3a24f264754725dbaf38e6f5faa0

SHA256
f3409e34667d2b551a11d71210c14d85c8c03e4d0fe67f13c789f4207ac20b9b

SHA512
b23394fe586c3a815e8c92243a90d52217977453043f90d0da5d00dca4513071dcb9af32cde351cd8f87505b30b5c6f522b8824cdb0c7a37c223b0edce304b68

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\texture_rgba_renderer_plugin.dll

Filesize
50KB

MD5
89ba802872293ad944f00c6d08ed66ad

SHA1
a92875c6a0b80f8f0b4792ce2b1ae517ef6713cb

SHA256
fa8fbd94f8caf2ac52fdeb60738438b03e3361c2e7129447f03667b16bf2467c

SHA512
1c9f9ac0d94458b00452817fd39b9fdff157f8e174b710683c32bf996300ad997484d31fcd5db1a50705ad7edf277d640f941d2a10d3554fc6bec6a08ac3eca0

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\uni_links_desktop_plugin.dll

Filesize
554KB

MD5
ad303be2fd780fec8dd371cf371c0539

SHA1
0b177653f8457642717aa6a4e1c62432e6e92b39

SHA256
d7c3da9ae5e8c6f33e4972784a0e73034b31576bf47248e5512f34d4beb0f8c2

SHA512
1ec4bd2bbed3b4d783611a2943c93854425a4b6eae070d37d61135f4ce826672a960fd0bdf1d4e7687b47a3b01ce6958e3f8c60b6df4ac274c627cf0966bb498

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\uni_links_desktop_plugin.dll

Filesize
384KB

MD5
e678df21c945b6da6e80dcc108b9d501

SHA1
6cd9319e5175b55b9ca1e64ec1228802ec77d254

SHA256
697cb33ee99d4cf49f33299c469e31e02e81a06e858d6704eb487230909f00bb

SHA512
ff992a6c90a159930d6c93951783461e88221a8cf5b8eb67a57f2f0298a07de3f8be503b32de6076a0a513f782ce52ef32b33f183737ada89c338b3b6de93870

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\uni_links_desktop_plugin.dll

Filesize
125KB

MD5
0c6d74b21ab8e8340f669764aed3a393

SHA1
fcb4ef255d23cf91255d2ff009733b71c3cf2dec

SHA256
ec8b5d50cee56744788b8dd1154e6533cb2ad5fc5e1e30c3d3de78eaa2a73cf0

SHA512
1447ae858de4a50774d9e0afac425812bad9167ba369b7da043e4af6ac285eedc1d3663ca728ee87b3c7a843a4707b4d4620ea4f31f7022c4969b1309e8692d9

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\uni_links_desktop_plugin.dll

Filesize
41KB

MD5
a7cf48f2dd2da54f1e4e3a522756e149

SHA1
f95e445e3b10f229daae1987d35a8551e6c5b2c9

SHA256
d90dec9d686645a10d5e3202fc40027196466d28f2915991e99601955ee0d78b

SHA512
359f2a9e65032465e9b0314deb647a322e18b5b7c97946066f5be1250900f3ec2cf67b34ec55b1a88cc76a03ac0354e211bad6abd6a40a4937de54475948d60e

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\url_launcher_windows_plugin.dll

Filesize
332KB

MD5
f007f46a79fe228e5aadbceaca242703

SHA1
c0f347acce2ea2025d9e1eb35e4eb829344a30fd

SHA256
027e70b91a2ba89f40b768f3b3eb6c12792f422c931a310f097bdb992131aa6c

SHA512
524e11f557395d025d3658c035d87a909eeed7c2c3e89209869e0a1f000e998ff71c4ba3fb69836d44b5116b4ff56c2f1f0eaeb7df3496421f3d1db42354f4a4

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\url_launcher_windows_plugin.dll

Filesize
83KB

MD5
57f1cd1bb7e4bf70a5af6361ad79f437

SHA1
b4ddceb617021fb058ca106dc85f2e9734635de8

SHA256
7daea6421ddbf8e39e48b5dbd7dc20ff5d517fe43b5eea5850ba1ac600d6fb57

SHA512
de4a2ef763cb84c63cbb0b91faca4a22ea2e6435904ec41dff7c3ef1e25260b038750372c53c5337e80753a184dec6b4f103db42cbe54f0d19c4a45440e2baf7

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\url_launcher_windows_plugin.dll

Filesize
129KB

MD5
308dee5be85afd3e996eb39b18dbbbc5

SHA1
42a87d3338fe71b6f40d0eee478b839b03eb9dfb

SHA256
b0387bcab3d74b14f50a3e8b5007a6b7cbaf0bbf737416aa36800b7f229e2b9d

SHA512
e3a34fb143e5bd83fa01761fbc89128fd5da8567a563c40c19f3f97b64b28529927484df362d4fe05272d9c368d72f4dabbdd79ad7fb3a88fbc3be9b66da854c

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\window_manager_plugin.dll

Filesize
597KB

MD5
f14f9be66e48c18118c45cf9fcd3309b

SHA1
1d290be804d926f60bed30f8f850bdb085515a92

SHA256
4a80b9dba44153735810e7531395a15476733f8a90a69f8fc5939a2c323873a1

SHA512
03b74aadc9a85c65024f4cc43ac6dda1558a157708b26b2c655249034fe0617eb8c03e5d6158ae2ac197ce51b8947262a6450e1a4f41ce0cbdec9a9f5ce4a0b1

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\window_manager_plugin.dll

Filesize
192KB

MD5
dfb34459d7ad73a88c46b2e09b3537ed

SHA1
70a8feac14fab27329f7dd575b5e7e24be022e92

SHA256
23deabddb878697ee75eafdd5e5b479b723fd42781229d2c98b1508a9a14be52

SHA512
f7970cfc5e1d6fe1afeb9cef5d12de0221f263138adab5dfa0f1cf281636f80f5f3090745e95c4ba00d40b2f5ddbe2ceff52c819a9ce40e15d579130715f1125

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\window_manager_plugin.dll

Filesize
130KB

MD5
02f53b95afa2f8a5398e1b2672a1bc39

SHA1
f525773e920d7550ad6eec9985827e26fb0422e0

SHA256
89c7c044fb876c25df82a99676713bb2d9df8106c88a14cce0290566b6dcd22c

SHA512
bdbcb6980105fbc28f55ede29d1f3ebe0c1ccadd39da2d01dec149cd7a1dc91def6164da47ab77070a618c715d392a9cbfa9e39b3cefbd5cab1be5ba9c4324b3

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\window_size_plugin.dll

Filesize
551KB

MD5
8147bd2f71221360338cd14e3e7ea323

SHA1
e59ac3f40454e7a4e8abd63945994b836f283c80

SHA256
e0976cceaced3fcb2c93821d760381acd8bcb59b02d2e4df8468cd021c65d96a

SHA512
f7faac494aa4347545b7a17ef56f3e05751d43425a17b80b9c9923924251cc5dff306e5ceed18f856c84236a5ae174519c5fcb91726352b7b31ed73f399400b2

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\window_size_plugin.dll

Filesize
183KB

MD5
3097b1b26bcdc370041d50fd23837eb7

SHA1
8a514ebb4fd4cd4becd26d7bfe7b31c5ba5f640e

SHA256
7afba842e672e4e021e8b9d92a71cb2b9bf23904f06ff77be5ec9b7b6a77ee6e

SHA512
062a974103821796c0830b8d5f0e9a849624f31f419492d89dd57fadf4dd1eb84c1a93e281a1a92854b60a2d07303fed60e59127b3849fbfbe5392315d30ecab

Download Submit
C:\Users\Admin\AppData\Local\rustdesk\window_size_plugin.dll

Filesize
46KB

MD5
0745856894629b00fccf2e382f4cf497

SHA1
92d2923f8d9060a6a06f4a182a7990b366f75fac

SHA256
5d44faaae62e5990892bbbc5d6ec7bd1fe58929d20fe867d35cdab1023e66fc7

SHA512
162aa2f53490330cc929b2e71bd5726a87398ab8372c12a7a0714df80aef2db17b4e86aea7d767868b0a75707d8d90804332c193c507a9cf721cf06bfdd9e107

Download Submit
memory/3484-170-0x0000016951DE0000-0x0000016952A71000-memory.dmp

Filesize
12.6MB

Download
memory/3484-179-0x0000016951CC0000-0x0000016951CC1000-memory.dmp

Filesize
4KB

Download
memory/3484-176-0x0000016951DE0000-0x0000016952A71000-memory.dmp

Filesize
12.6MB

Download
memory/3484-133-0x0000016951C80000-0x0000016951C81000-memory.dmp

Filesize
4KB

Download
memory/3484-155-0x0000016951DE0000-0x0000016952A71000-memory.dmp

Filesize
12.6MB

Download