fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

Analysis

max time kernel
153s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2024 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

3.8MB
MD5

e546506082b374a0869bdd97b313fe5d
SHA1

082dc6b336b41788391bad20b26f4b9a1ad724fc
SHA256

fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18
SHA512

15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08
SSDEEP

98304:uSCb8xJlb0VgU/vZaZKa4opQILfbsLajDMWEeq7PbUs6En5:uH8HCOUZakpAbjbsLsMmqM

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exeAnyDesk.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

AnyDesk.exe

pid	Process
4932	AnyDesk.exe
4932	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description	pid	Process
Token: SeDebugPrivilege	920	firefox.exe
Token: SeDebugPrivilege	920	firefox.exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

AnyDesk.exefirefox.exe

pid	Process
3980	AnyDesk.exe
3980	AnyDesk.exe
3980	AnyDesk.exe
920	firefox.exe
920	firefox.exe
920	firefox.exe
920	firefox.exe

Suspicious use of SendNotifyMessage 6 IoCs

Processes:

AnyDesk.exefirefox.exe

pid	Process
3980	AnyDesk.exe
3980	AnyDesk.exe
3980	AnyDesk.exe
920	firefox.exe
920	firefox.exe
920	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid	Process
920	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AnyDesk.exefirefox.exefirefox.exe

description	pid	Process	procid_target
PID 3904 wrote to memory of 4932	3904	AnyDesk.exe	84
PID 3904 wrote to memory of 4932	3904	AnyDesk.exe	84
PID 3904 wrote to memory of 4932	3904	AnyDesk.exe	84
PID 3904 wrote to memory of 3980	3904	AnyDesk.exe	85
PID 3904 wrote to memory of 3980	3904	AnyDesk.exe	85
PID 3904 wrote to memory of 3980	3904	AnyDesk.exe	85
PID 4512 wrote to memory of 920	4512	firefox.exe	99
PID 4512 wrote to memory of 920	4512	firefox.exe	99
PID 4512 wrote to memory of 920	4512	firefox.exe	99
PID 4512 wrote to memory of 920	4512	firefox.exe	99
PID 4512 wrote to memory of 920	4512	firefox.exe	99
PID 4512 wrote to memory of 920	4512	firefox.exe	99
PID 4512 wrote to memory of 920	4512	firefox.exe	99
PID 4512 wrote to memory of 920	4512	firefox.exe	99
PID 4512 wrote to memory of 920	4512	firefox.exe	99
PID 4512 wrote to memory of 920	4512	firefox.exe	99
PID 4512 wrote to memory of 920	4512	firefox.exe	99
PID 920 wrote to memory of 1464	920	firefox.exe	100
PID 920 wrote to memory of 1464	920	firefox.exe	100
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101
PID 920 wrote to memory of 4560	920	firefox.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3980

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:1868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.0.1700722788\1775511160" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80ac2f08-b3cb-44bf-966d-e0e92d35da6f} 920 "\\.\pipe\gecko-crash-server-pipe.920" 1964 276d13f5e58 gpu
    3⤵
    PID:1464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.1.739405531\722035279" -parentBuildID 20221007134813 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {000bfd7c-b73c-4d27-8901-7b0d5738797f} 920 "\\.\pipe\gecko-crash-server-pipe.920" 2364 276d12fc358 socket
    3⤵
    PID:4560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.2.1126478248\1887217865" -childID 1 -isForBrowser -prefsHandle 3156 -prefMapHandle 3152 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {236cfda4-cc48-4521-9343-9b4a7dfbba78} 920 "\\.\pipe\gecko-crash-server-pipe.920" 2956 276d5598958 tab
    3⤵
    PID:3316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.3.2144519224\2055980705" -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9abc2f7-9e1e-4e02-a713-863b20d07cfa} 920 "\\.\pipe\gecko-crash-server-pipe.920" 3624 276c4b6a858 tab
    3⤵
    PID:1280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.4.1626002945\648132397" -childID 3 -isForBrowser -prefsHandle 4072 -prefMapHandle 4068 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25444ff3-8131-4fe1-96f9-080a7235a18c} 920 "\\.\pipe\gecko-crash-server-pipe.920" 4084 276d6a09958 tab
    3⤵
    PID:1256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.6.789820669\768242308" -childID 5 -isForBrowser -prefsHandle 5056 -prefMapHandle 5060 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d146b597-6fb9-441d-92fc-1a3f89f0131e} 920 "\\.\pipe\gecko-crash-server-pipe.920" 5044 276d77c8758 tab
    3⤵
    PID:2584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.7.1457416356\949868943" -childID 6 -isForBrowser -prefsHandle 5264 -prefMapHandle 5268 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3032e502-c693-4fa0-9c4f-6b038ae321ce} 920 "\\.\pipe\gecko-crash-server-pipe.920" 4912 276d77ca858 tab
    3⤵
    PID:2808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="920.5.131089554\1758294789" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 4928 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2b00541-72a9-4cfe-b305-2e03758a0c75} 920 "\\.\pipe\gecko-crash-server-pipe.920" 4932 276c4b5fe58 tab
    3⤵
    PID:1928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
78702623f08c2477b1478053e886065c

SHA1
54ecd009c694fc759036c13bce26f11755cec618

SHA256
516a277d5860c006bf2c98dd82c47395430149c4baec8aa267e0ac59bc4e0221

SHA512
4ade6a1c15cde08f8326f8996ef5b1baeae7943fb7039da08b9423bf08de4ab05506a94753dd8b77b7cf5b7a62cdf75e3a752a6a6b8a67c9e83414e88cbd5fe8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
8KB

MD5
e7f84203a3edaddf2d282dc289ac22e7

SHA1
0f1addf83b39fdef46b3abbf1fd671685bd43ca4

SHA256
5c2f126f3e9b7931ad909f698cf9e2b57120e0934a6957daa4586831df159169

SHA512
6d4f48d0943002319c3a857f9dcdf03ad090a514273e78558c4d56aa5e84698fa3e359b56fe8e3ee9be35f90859f756955437bc1f5515e2bf500c98b2688b9f2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
a6261c44f2e6f6a37a920a80a3fe789f

SHA1
c509191b2c5427db92189c2cece8064ce2355d9c

SHA256
9b81ed738cb249017758fbd8f988a44ceebe28dafd6fb32353088bd79166eac8

SHA512
9a86266bd54132e7f38c2c1398a3b4f2535900bf6f0a89ee8dc7e4821cd190b9099fad5791cae567020c103539972a4c8c6feba4c078102f6aea976efbfdd4b1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
91ae5bcbaf34c828f65941e890f7707f

SHA1
b04ecb43469dd47ad44250e5af585d5632dae971

SHA256
6e4f6990a259d97a77c3c7542115c32ab86063bcfaba3b1e8b6239c36e557161

SHA512
f8effde72e465ed584651a0a54a1543624340d53f54c8a4d348beeb99e39d9af2ad4c9dafe1359e006406f0f2a7f0b0a66adcc6da6bc139bc2131c264d019f42

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
612B

MD5
b70e55daf014a64ef24b948be1492ae6

SHA1
5394637155567863bcc94932cdd7a929c5b9f849

SHA256
fe60627f26da74867186ff4c2222e7ec516eb61c0c5422bd15d1f038fb82bc4f

SHA512
5d4889282ef3cbfa376cf72c2812ea5bd76dedbc88ddd9d176a0c48dda1b7bc93b8b2cecd790ad6edc4cd34fa3f8745b1deb80e67cd14bfe608a0dcb22c5487f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
738B

MD5
150c2b870d0ef96730d47495a48c05dd

SHA1
20afe131456c687bc52dedcd0e002e7a1de7f9be

SHA256
429c84044d1f0651cdceeb55db5dfe9389e26d109186fe01925033f4f176f293

SHA512
f81d58a636b39d8403d989f0e1a91ee82ea9f17f5d396cc2ca40ac3f4958ef76ecf3609c7815d51d0f5b52b6c4a60e9bb8177ea0b638e5f69ec2ac4c8bd07a22

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
4b56d0345a60793cf8c41a8989b8873b

SHA1
5fc90fb3d3bf2acaa5bfb8560be4c967fe240fce

SHA256
97d941d53e88b6ad04b0464b009c46b0cf877a2a0b70a656212fe70a6c9b9b8f

SHA512
d9dc76e94b6beaa29715ac4793762a7715348a5eed7a522e5e5f3dc5176414415e89253232f216dae35dccbc18055064649a1772451b1eea33c24fe58fca0516

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
849B

MD5
38c12b414828810048eb74b82fe66cd7

SHA1
062eb4316eda1c0d830aa22599e561436f56e618

SHA256
580100f73a4ca6f6622f15d8465b7a6be7631d570602391c847b839842ed58e8

SHA512
284154a704df928c0e9d974af07e659a3f8d6442e8d8542f2c8b1a9d5d2f50506cf36d9cab350ebf12930d41212fedfd316fa5e3963dd86487d9e7bfbfa5fd0f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
6d4de61d4968087387722dc6b916be51

SHA1
8884e891ee0a71333b8bf792896da13dd45e51e3

SHA256
cc1f02be722a509fc2f35fef8ae3eb3697137b03871dabc95abf871d0b37c699

SHA512
e84f277fc89c66f8ac1270c404979866fc1b97a5a005ac8adbf9c852b4deffbbe2068905ec95b641a838aa84aa4a91bac51e90b8ccd9de1704f5b0a10a7259d0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
beb9a9c310b103fb0a05e7517452e049

SHA1
f372ac6dfaf697aa6841e0a11e9620ee9a4a4073

SHA256
ac948f054f1b21e5cbaa47a1e31b8e8d49cda1ebc5bc0c54c42f910620e67385

SHA512
a13b930663a93765b1fb97cf4ae3fb730b44305b1430a8d07ce3e1715cb2bf7a9482669c4b1b14a79caeb374767b8cd714c6a483b224cc8993b136bef1003738

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
841771e4b4ba276a4a8a95961b67c964

SHA1
0657b7cdbfac1f51f21670ea8ff9db1162e24565

SHA256
4ceace0bcedefd09c9fb740f1c3ca4ee726f347f1919a2c10d62b2b5c9f1aa5a

SHA512
7e3149bd7f35b31c41da1b6030197ce5453a96b785f33631b128388e87ecb9faa32c817fb7e50bf1efa1cb9a1d736b472fe6b996d9d71c1585228807e2ffcabb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
4KB

MD5
37b5bfdd20dcf888d38d813f6ba019ca

SHA1
2461a6f28b239527f3954f39e293e38f68e2dae2

SHA256
13e42d4855076fc78d35536c4824172723994f698b85e5bef54f26b749d6b678

SHA512
4a66f5a5a27dad0c87ddc9385bc82fd1d15da1c8f06e161fefbfadce3b88ee2dd47c06887f1c195e9ecfabc268abd9fa522c5962460af2361410d2a42de82118

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
4KB

MD5
beb17273d640ca0092b7e26a26ba2eed

SHA1
1dcc24c4e4d3b5308d402c947abef630bd001af2

SHA256
d345125e8e80e5cedacf93aedc6d10e37485ec5db16872d8d9ebcc5a44360905

SHA512
b8a67abfa9c7c5422e77671114eac25e0dc09b93c94b9680e6173ff9234e20d2b01c696108146fdd5a6382bd291ff13718e4894a6990e2e54104ef235029841c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
08d4c0b29e276dbc86f65f1779b7b9e6

SHA1
ac450413a73e305be1df194fe85f928a5ac07ebf

SHA256
82a7cd118c41a25ec779f0d1690c36db8f0d1d129a79056000dd03d4e7ad6750

SHA512
6aa3d0598213f4c2b685c8ba5363795f93d076a34d7a0238718f9a4a57416dd4b54fb76d5335814d2fbab26d19e66ff807e47ad541e2237298598e55b1302751

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
2198a86adc7b378a47296a13a58d6970

SHA1
1da0f42785c8b5fb4cda94563764a6c640d68a76

SHA256
263cb8469b460afc3b22a9747d9556bf2f5b9d2da789abb0bc56cf0e5bf2b69f

SHA512
5c0ce9635e19f4bb8ae37d80a7dadf4b5176caecd92564e681c9b3feae4b9ead1105b6b11467469838e4dafaeed25d537c67d9d3c59537cd414c6b95a669640f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4a90bf46d0af14e2a932bef0f1c3f3b7

SHA1
7e2289759380f3db4a95af1673564d959fd774e9

SHA256
29ff9b3ff056d03cf9e0dcc0f8188440f14caa8eea3c37a23a98b3523e8981a7

SHA512
728f9cd8d5911fea91903fa840ff6fc0e4ae3f31c2a6be0b9d5a0454872b5c6a251148f086514e1c1a03fdf7c8b1c2993fb3cafc0f5695b1b80af21542cf3b86

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5eca01f7b84b07ca6ec6181487490726

SHA1
b20a38ff4d581a5790786900d48428c4ba3dee2a

SHA256
52a63651a098d4ca5b45675bae25d5c76cde592966df4d40956604d766f0338c

SHA512
ce0ae26ea211b254b70ac1a4162e90d409e490f61e7e38d028ff0e0e3cc7efc52c87b140441a40e2884b2c4f4dfcc099beab2390820faa62338eb0e29bf3b872

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
2eb4dec8b86f27505ad69cb02072133f

SHA1
333f28da00fb193cfb2bede41ae3b9cb0c06948a

SHA256
1f7058e8222c1885158ed9f5ada4e72c2072e67e8ebbf5320b27b1a0edd96cdf

SHA512
ad1813c4623c493e1648eed698530030769b73432aa1950d70f32e078204ac64b347ff0376f2228a9c6cced6f57e97fa036b9a6c833000106715270ee1ea6fc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\dda5c59f-5ba6-4fd6-98c5-f616b5acdfe8

Filesize
746B

MD5
34fdf98149c9188c5ecc408eaa860b00

SHA1
b985426343959167e6b6f7165dea24529e90e7c5

SHA256
74b52dbeaf8be6c47c620b5ac584f74a69b9c5ea9c2f51f624e1cae8dda3961f

SHA512
9ea698438bdb20e71e96f258d1b1a64b8163c5fac0b54fa81d9171cf2619171d5e2d54814fa176050a60d53547eb0407cd893ce040dd3aac8fdd2ba31d44b15b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\fdeb804a-e013-4cd2-89db-33f0c15dfd7a

Filesize
12KB

MD5
49ae4be5f45a8a8b1581e57575f5c78c

SHA1
984b4e52b712c58727307a8b8f9ff8ccd455e4de

SHA256
f3a85886af7e78abcb649f1b1ffa03dc789afc54cdc3828fd54bbb1d834e2449

SHA512
e94098ead95190934bed92cabe114c5d15d4c90cfec0c7ef23b6a8737714db5476a206d5b426b3b2e4451eb8576a7e6343109647cece2018b58d3047a31d8299

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs.js

Filesize
6KB

MD5
875e1475e59b47a9af218dd7eafbd30e

SHA1
7dac1faff3a0a70e2a77bd5f6498632c1a48646c

SHA256
6c5f0d8d0434d58362eb08095af02b878d550d2addbf97ece102b1db34a093bf

SHA512
98fc58f5563eebf63e056c4f9566374c583c2e7fb7b0422858c7304244963970077b0fc6fd19ec225870d6f7d19d59681ff8c230063ba319b3ea4ed3d04ba30a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
32c66d355168edc7ca70086708eab2e9

SHA1
2569636b2b8e76542853c0d9b567dbc932baad6f

SHA256
c1aea2dae53f3f9ee512aa2ac0c81ef294e9b40e0b2bd15d61358bd494b5e2b4

SHA512
2cd7a80feca4c35578a9d797cad3275e9e320bacb235c2076649ba6ce9f969ce649d36cd2eefaf2b3f81444d5a3c2061f19186299b1f03266ba5ccd0f11c235d

Download Submit
memory/3904-1-0x0000000000440000-0x00000000014BE000-memory.dmp

Filesize
16.5MB

Download
memory/3904-82-0x0000000007550000-0x0000000007551000-memory.dmp

Filesize
4KB

Download
memory/3904-3-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download
memory/3904-208-0x0000000000440000-0x00000000014BE000-memory.dmp

Filesize
16.5MB

Download
memory/3904-22-0x00000000055C0000-0x00000000055C1000-memory.dmp

Filesize
4KB

Download
memory/3904-0-0x0000000000440000-0x00000000014BE000-memory.dmp

Filesize
16.5MB

Download
memory/3904-19-0x00000000055B0000-0x00000000055B1000-memory.dmp

Filesize
4KB

Download
memory/3980-28-0x0000000001690000-0x0000000001691000-memory.dmp

Filesize
4KB

Download
memory/3980-212-0x0000000000440000-0x00000000014BE000-memory.dmp

Filesize
16.5MB

Download
memory/3980-18-0x0000000000440000-0x00000000014BE000-memory.dmp

Filesize
16.5MB

Download
memory/3980-17-0x0000000000440000-0x00000000014BE000-memory.dmp

Filesize
16.5MB

Download
memory/4932-211-0x0000000000440000-0x00000000014BE000-memory.dmp

Filesize
16.5MB

Download
memory/4932-16-0x0000000000440000-0x00000000014BE000-memory.dmp

Filesize
16.5MB

Download