55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
10-02-2024 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4984	AnyDesk.exe
4984	AnyDesk.exe
4452	msedge.exe
4452	msedge.exe
732	identity_helper.exe
732	identity_helper.exe
3328	msedge.exe
3328	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3140	AnyDesk.exe
3140	AnyDesk.exe
3140	AnyDesk.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
3140	AnyDesk.exe
3140	AnyDesk.exe
3140	AnyDesk.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 4984	2344	AnyDesk.exe	78
PID 2344 wrote to memory of 4984	2344	AnyDesk.exe	78
PID 2344 wrote to memory of 4984	2344	AnyDesk.exe	78
PID 2344 wrote to memory of 3140	2344	AnyDesk.exe	77
PID 2344 wrote to memory of 3140	2344	AnyDesk.exe	77
PID 2344 wrote to memory of 3140	2344	AnyDesk.exe	77
PID 2344 wrote to memory of 3936	2344	AnyDesk.exe	80
PID 2344 wrote to memory of 3936	2344	AnyDesk.exe	80
PID 2344 wrote to memory of 3936	2344	AnyDesk.exe	80
PID 3936 wrote to memory of 4452	3936	AnyDesk.exe	81
PID 3936 wrote to memory of 4452	3936	AnyDesk.exe	81
PID 4452 wrote to memory of 3824	4452	msedge.exe	84
PID 4452 wrote to memory of 3824	4452	msedge.exe	84
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 5100	4452	msedge.exe	85
PID 4452 wrote to memory of 884	4452	msedge.exe	86
PID 4452 wrote to memory of 884	4452	msedge.exe	86
PID 4452 wrote to memory of 996	4452	msedge.exe	87
PID 4452 wrote to memory of 996	4452	msedge.exe	87
PID 4452 wrote to memory of 996	4452	msedge.exe	87
PID 4452 wrote to memory of 996	4452	msedge.exe	87
PID 4452 wrote to memory of 996	4452	msedge.exe	87
PID 4452 wrote to memory of 996	4452	msedge.exe	87
PID 4452 wrote to memory of 996	4452	msedge.exe	87
PID 4452 wrote to memory of 996	4452	msedge.exe	87
PID 4452 wrote to memory of 996	4452	msedge.exe	87

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3140
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --frontend
  2⤵
  - Checks processor information in registry
  - Suspicious use of WriteProcessMemory
  PID:3936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://support.anydesk.com/knowledge/quick-start-guide?utm_medium=app&utm_source=adwin
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1e3e3cb8,0x7ffe1e3e3cc8,0x7ffe1e3e3cd8
      4⤵
      PID:3824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,8982134775783282678,11706664701467162388,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1804 /prefetch:2
      4⤵
      PID:5100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,8982134775783282678,11706664701467162388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
      4⤵
      PID:884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,8982134775783282678,11706664701467162388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
      4⤵
      PID:996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8982134775783282678,11706664701467162388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      4⤵
      PID:2516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8982134775783282678,11706664701467162388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
      4⤵
      PID:1164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8982134775783282678,11706664701467162388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
      4⤵
      PID:1940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,8982134775783282678,11706664701467162388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,8982134775783282678,11706664701467162388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8982134775783282678,11706664701467162388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
      4⤵
      PID:4808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8982134775783282678,11706664701467162388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
      4⤵
      PID:4848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,8982134775783282678,11706664701467162388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1
      4⤵
      PID:3196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d943a8cf4efd126466512b0952309e2a

SHA1
6a2398d0f51bd03726846cf3e63cf057c9089fb4

SHA256
193acec13684c624ad94981200e722c9acaeb9e7b9df41fcd20de8a3169c2302

SHA512
604e55c870302f893ba79432a41da9ba923001ecc7ce764d8372207cc6bcc7a5f7f44f61c14e21415f292d6746a1abe678df3f496b7231b52e571221b8fd1322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
acc150bc88b0208a8dace02dd7621601

SHA1
95a72685f2f9e78778429073838fccb000351af6

SHA256
50e9f7708d6d776807281bc7bd82a8bfbdb7afc72a8b853a39c8a11393b82b22

SHA512
3c994c86cd88d8ebdb6d62ca735e252f78ceb916d5cf1014231d8e15fde21e0aae9ea0c861cb3f4dab589cc987bc49c43686e3bbc76b71cd8fcee6fa9cc127ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a6e2dc4463204fd714a6295031659baa

SHA1
3b70d0bc5e8df656c07163ed693bf84e3f964365

SHA256
3cac5f911775f18340ce554d1524f0e1584a01f16ce4ee0301472343e60a1577

SHA512
c095ebbac2efe20c2d1e3419c93794e41227bedfb2a0d7b8c79aed29b340c03a60e06af432d99ee9e7b6c73c301591329fc32b7aef625a4a2458f7d737715f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a9ebd57785d9d77b61e18f961d4ae058

SHA1
ef482f65f09f84955498a3693043f093c8d73988

SHA256
4d7d235dd1b03be30d86526f1b1277f504ef00caf09cc02ed7f1a94596395627

SHA512
273f7a675b7974b6fc95a6cd46013aa6df9b4c304c55bf93f3130f60300899bf7fa3fe8324eb7d660bda27c594627d836b3d04f9a6044e768bed1575e2bb0a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
33130e483ebc2102af1931e8652e80c2

SHA1
c85ee2dfcfe0412a7f889d6c99683c68701de266

SHA256
4ffe2aa7958200bcec78f528989220a64ac519dd68d0de46ecd05927bd9eabaf

SHA512
488329eba0283fbabe6f3a025414b8dd6ddfb7c66d182b50a7c4b15f9e686e7c4847083167040e60021ff5dec303f89458c37f4b0b5571d2b9ba7ba49f6f8398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
856c496cbb941cf4a0b656e50486de8b

SHA1
639f14c68acd3884d7e529bac1b8338a682c901c

SHA256
37bfc606f052353d764db967c7ea233da674764126919763f741a939c1f5d9c6

SHA512
fecb363827015f1f79bbae4754abae985f718dae03aba176413c28a3968f3aed34240c8d36ad2920ba7c13815ebe86aa2b87615c6fba3b8b65f671b32c6ebb75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
8319133fb921f37c02e0a33d2bc1ed51

SHA1
582667847d6a322d688cc434b2089b9e29b7b7d5

SHA256
a4ed6afd33cd5b6b3fced5e62b30a5c9612087d56741fb37be07e8ff0aae2fbc

SHA512
e7bc4b67f24273da6669fa6b14b0dfbd191120bdec622e3a9e82fbaad554c22ef8ebd8189fbf5805186e79b7482cbedc94569eb394ab9c390fee1e9f8678f6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
3f5e7ca052e4a967da5b9d8abfb63a4c

SHA1
1a299c1bafcb470b1eea13aef2e23295180f1e16

SHA256
44cbc9254e8ee787baf00f692e58ea5f90572611c8890be57dd28dce744e34b0

SHA512
da09e919b946dedf63c7c286a58e9617049c2cdd1d6d9f2306f425dc0b8453a183dc4e7516c5a44bfaacb21f0f52aed3a1fc662eeb8da8aeead7183ec2b7ba08

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
30KB

MD5
efa2e2e0bd12efb5c208b1beba149df3

SHA1
de9a4e120bdc4a7c14e901304d66650d145dc3e9

SHA256
ae2806ed02c93a2fcf642d1ed03cce60aaa549c5ca690843156e68e8b713625f

SHA512
1461e93cac74ab0e5cda361103c3edf0356cf603dd4080dfb79db1d04b019bb27e1a506c7d10410360f0f19da03b3815b88700c514b995a5e417b99a905b5811

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
20351db16c787dc3c4e9b5fd057605c0

SHA1
3c01ebf0eddd4f317ecdab9683fe1c643cd243f8

SHA256
da80e4807f073338b5c06f23ff12e76c2bcda1e1b4bbeeb60f1ec24741be8294

SHA512
51dcd5ca20e63517ad850c3afe4d6fe4727e30f9d03979333f48c90f2c1fb411356bc0d7f68d78c19b35e37c2d2b155d440f96b7cbd10af8ca3e7911b8ba71b6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
20KB

MD5
dd13ca48cd06c2a028b5e245f836fa0a

SHA1
411fc5cfdf0c925f1d22353abe47c7b40ba7d782

SHA256
4cdc739cdfb54583ae4185153363661567263adbfdd0731a3869942f51de13cc

SHA512
9b016d23f3d36a623128f4891816bf0dab6be467917a5adf69f8b2d68141748ba641bba54a91dde09fb0cfbb8911b0e46a9545ebde7f30a44bf006c3e32fbf43

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
49baf4bf614c09664f48f59322be8e84

SHA1
9d40beaac5aec0657f10d84214f1fbb06debfeb1

SHA256
f20b0319b02a9aca8fea14a469245f8a8e3d70f8a02498cccdfcc53ca7eb4906

SHA512
f1dac550ad1465510c4e89aaa42836314cdb6080953e0e38594b7e1705a82674b8e183e6eaa42c3870c9c970e748a7ad4cf7a364961c3fa9edf82d278e083f3e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
d33e01996f04326e699381c219e36154

SHA1
2745b7a8d76b93fd7f9296b7054f06400b6a21d5

SHA256
124e917a614ed4b315c66ea526f38374bfc8d3d41bdf31c38a0f452a2833c814

SHA512
1253139093b6278047a0f92856ad7efcd6fe1cba01ec26c24c5f4a84cc50f61060125abef3dce5dd6e836c595fe17a852de84a24c291aa1a9424e8f1bb8bf611

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
49446347fb8028b17e9448620e6f7368

SHA1
c0c5afdf8b8b3b30bdb2baad6335feb2f50af6f4

SHA256
dfe9a54d71eda23de936c28a7e557fd6ef3becdd3ed0fbc78eb43df6c53e3f2d

SHA512
c2e72410bd76c2a844c4824a0aa01352f311e764fcda6354d799711caae8d7c638099783b78012783a5f5f6a250308664e9b55ac6131eb63e694c0158f006b91

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
aaa6f7c8fc762fdf965a9056d458eae3

SHA1
fa1c0fba3af90b6e294356357daa69f96f6aa1a3

SHA256
57eda354ff7312c9e75a0bc8fa38f5f9b91da8e5a0edbf341b2903b8d5d4748c

SHA512
9d676ab64fd09c7934bb06b6e247aa08b28f0ca966b7c566b63b3b1d3f16d78013b6e5b2a051732b3250a716d037f7e03379116ff8ffc2e96ad092276e92677e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4d1971aae1c075151336016eb2aa90b5

SHA1
86ef7544d84319699d5dc4ebcfd3c200c392cafc

SHA256
28587c01f36ed40a21228da452e7f09deefd6755d55743c72d0a62cb81b290ea

SHA512
e41efd980703a1a22069ab19627cfac67c775c3ef1349851881d4990a02b3808e8969b6ee1a9da21338a834dda4b9cd118e7ca317eb733a72e714f0d2f805627

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f806912c33b8bb0bb88e67d7638eff81

SHA1
000fe305d5dee6c67108420e2f9ff8761c807cee

SHA256
ccb72aba47d27f9d433d1b8d97cfccb29bab259cadc826b230e3ff1f210a5c7d

SHA512
eecdc99be8f2300d067e10043ce73f117f550e0e8cc6d5c92a1ea37ec920a16719c0527ffb5ee205d55c0b1a4f101d57cc2a4c244e28fce6f377847718d9dff9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
23d6c20ba2d07f75799ad13c1bce95ca

SHA1
06c32dec6382a8e3f87a53bdfb4ce3e2ad1ddeae

SHA256
b2987eecb3b26f229fcd47755ab4b982d90b139669755e61d56e3cbbe461c001

SHA512
0bc7170fae52b161e7bb203e24f60e235192d7a4d51b8490d74afd3dbcc092aa8f3cede4a842e46cea246993c72ddd3bbb2dcb8fd556745142b68354fb672ce6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5f5432c23b14945bb179e8f42b5dbae0

SHA1
3113ba395195f6f0b030eaae6c0ffc439b842b5a

SHA256
38cb2b4770f8a5a77edfc26b2ac7d42cdaa49654c8619e18a41ff47583775b96

SHA512
d091568add7d105023d155909ad9b9eadeb7cce6b78a773b246c64295a275a3ecf0c5c0ddd778ca6d643360a5f109958d33b1d974ce833ff13bbdb5447a29168

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
8a97a9eef38241f8073f4161c75352b9

SHA1
7df320de75b895861a95ea08d571de69437aa9c9

SHA256
1f6246e82b6968eb3ba74fe65c8bc9c7f5bbb0068d4c85a7147fe388f7031c07

SHA512
165cb3606456785bc7116b8e908a7cda542940a3a04a818645735bf9d3915818e1af6cd72bc22f710bcf7d46476a149bc6a3ab4f3d63216b16e0199d371a802e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
fa1aa56934801bf8bae457af812fe78f

SHA1
0fffae0d784bdc991fa2370a5771eafa88fedc31

SHA256
949c9b8147f5d7fdf1e6174523725d52317428295eb12d7e048fd1b9a065a0bf

SHA512
5a0e94eb453bda31c831ab47f20e6521b8927ebafb1fc3ef99a9fa8ed596e92679b294dc08ac62bdd1f3f8782118b7cfe0ccf41aa84efff6300673bc6f1ba365

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
b8ef1ce110c9b9aa5bf6e2664862426f

SHA1
862b3f7230618d6f67b66e7f7979984841798769

SHA256
ea8cb9938752c29922b6e6706144f6f57fc019c418544f15f2497de7022bf884

SHA512
f34822b6aebec5f8128f90082d1bf11d17d101d7099e9a02717ee16fe8be88e40b93f2cf223ed334f6f50076132ac5039debc229fc899eea4b2492f59e3d11ea

Download Submit
memory/2344-32-0x00000000059A0000-0x00000000059A1000-memory.dmp

Filesize
4KB

Download
memory/2344-99-0x00000000077B0000-0x00000000077B1000-memory.dmp

Filesize
4KB

Download
memory/2344-1-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/2344-6-0x0000000003A50000-0x0000000003A51000-memory.dmp

Filesize
4KB

Download
memory/2344-23-0x00000000059B0000-0x00000000059B1000-memory.dmp

Filesize
4KB

Download
memory/2344-0-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/2344-156-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/2344-100-0x0000000007070000-0x0000000007071000-memory.dmp

Filesize
4KB

Download
memory/2344-109-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/3140-115-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/3140-551-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/3140-12-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/3140-33-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/3936-316-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/3936-222-0x0000000008460000-0x0000000008461000-memory.dmp

Filesize
4KB

Download
memory/3936-221-0x00000000065B0000-0x00000000065B1000-memory.dmp

Filesize
4KB

Download
memory/3936-182-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/3936-224-0x0000000007C70000-0x0000000007C71000-memory.dmp

Filesize
4KB

Download
memory/3936-197-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/3936-220-0x00000000065A0000-0x00000000065A1000-memory.dmp

Filesize
4KB

Download
memory/3936-223-0x0000000004410000-0x0000000004411000-memory.dmp

Filesize
4KB

Download
memory/3936-358-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/4984-314-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/4984-347-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/4984-155-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/4984-13-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/4984-30-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/4984-181-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/4984-550-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download
memory/4984-114-0x0000000000D50000-0x0000000002487000-memory.dmp

Filesize
23.2MB

Download