55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
69s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/02/2024, 17:06

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\2229298842\1885275044.pri	LogonUI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "63"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3176	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4312	AnyDesk.exe
4312	AnyDesk.exe
4312	AnyDesk.exe
4312	AnyDesk.exe
4312	AnyDesk.exe
4312	AnyDesk.exe
3176	AnyDesk.exe
3176	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4312	AnyDesk.exe
Token: 33	4420	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4420	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
3176	AnyDesk.exe
3176	AnyDesk.exe
3176	AnyDesk.exe
3176	AnyDesk.exe
3176	AnyDesk.exe
3176	AnyDesk.exe
3176	AnyDesk.exe
3176	AnyDesk.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
3176	AnyDesk.exe
3176	AnyDesk.exe
3176	AnyDesk.exe
3176	AnyDesk.exe
3176	AnyDesk.exe
3176	AnyDesk.exe
3176	AnyDesk.exe
3176	AnyDesk.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2492	AnyDesk.exe
2492	AnyDesk.exe
4464	LogonUI.exe
4464	LogonUI.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 4312	1368	AnyDesk.exe	83
PID 1368 wrote to memory of 4312	1368	AnyDesk.exe	83
PID 1368 wrote to memory of 4312	1368	AnyDesk.exe	83
PID 1368 wrote to memory of 3176	1368	AnyDesk.exe	84
PID 1368 wrote to memory of 3176	1368	AnyDesk.exe	84
PID 1368 wrote to memory of 3176	1368	AnyDesk.exe	84

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4312
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - Suspicious use of SetWindowsHookEx
    PID:2492
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x408
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4420

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3998855 /state1:0x41c64e6d
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
88b6e0cc8261492c7585c2b9104d7432

SHA1
e8d4b5140ffb4a429f9a47104d6630e26c66c71a

SHA256
42d2691e187c273ebdcf66ab479d6fa4d71aa3ccce2e9519981d90dfeb3f3d82

SHA512
0538870aa5a6aaaa80548911e20e64c0760ff5ea1f7f1b3338f05285c40813aa8b1f7016e362529ca9e7cf680d96a3bd523cccfc037ac60250d707a3bcd1a405

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
3f106a62da036950fa2b8ada61c43f14

SHA1
50e59fa130f156582adea0be42054ca8a45ad1ba

SHA256
b94dd4be9b4fc0d22fd9fbdf8a9e8318dc88073c0046eea223e60bbb48e063f5

SHA512
b9456c2ecd0f73ffb896ddc11afe35a909793e7c9c3c019e7654567dfad3a65e50c0f4f338eaa43f414a3af2766e5843f45757d74787222caf7a6f8d5af67a49

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
41KB

MD5
05447c0b04de9ee8f536987421607dbc

SHA1
348ae3b07e4b82f794b85788c52537677d17ed85

SHA256
1361e29618fc645bdd3e32f2a86370d84e11e31385d4f2a7b590ef4725024a0f

SHA512
d9ff8ad4c69a0fe3cac8f7eb8c7653037ba93aa364328577a8a1c9de7fa3acb663fdc7940cc3edc1db1970d9a5d50530e63aa4f0bfd54896f476ffd517cf272b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
e88ddb6d014fe2a05abc5fec59a011a8

SHA1
f64cdc3b9ab4d43eec64ad7f62560ba45233be89

SHA256
3384460435bc77292ef5054cf0896a92c202a416ea3b629865f0a523d947a864

SHA512
dfd1be7711dd4cd8c6cfb191017a8c31d345dc3d18c0be1fa96799f69ce933e922042d695453e72065dac49849c3a52e6c094bf640e1a44134b2f9216c203072

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
7e0e586bfbbed4e04045b5f1120f1996

SHA1
77d435c074bc057e94ca16a01638c357eaa201ba

SHA256
44a85e869969def8be053a45884537abae5f0c86e8e8558523c903af53fd1fbe

SHA512
3373ce2e8f2ca7a6041194b7afa223beacf86e28e1acc280018929746dd8d65cad9d44dac67892b2e79abf240d4d117945072d24394329ec35ba51c3ff3ad48e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
572c17a2b247e8ffb9cf9951e0edcece

SHA1
05bc97317406d37e8384cc98bb2afb620055eef7

SHA256
737a5e84b5227dfe7f09e59e609c0c502bf2e6407d9724a94270da038fd3bc8f

SHA512
841342c0e5994e2263daf713cce82b9cefc3fa7b27e04355eb73c197fdb6484167616b0df9356a4dea37683efba340e12fc5543fa8d4be0ece1814f65227dea2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
6d1c7f1574cbdfb292901f114e1b3b98

SHA1
895a60c4696053898dfa61db9990e8487ce5d23e

SHA256
cb9b0a22804aac7553fe3b6860ffa5236f74c57fed0cec452907876b9b0f2bdb

SHA512
b1279868a27d16f1e5b14e722ac8909e7a54d9743fafe7ba16ebef3c8b81b048c17fd8ccd8cc507f3b6edad30358e41cc864c14123d9353a6dd825d9f3e2e78a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
d94a676d9fd5f31d1f49f1b7e272d450

SHA1
b2b5347ae3b8a674bf97a5172a222580c9218b3f

SHA256
bff09417accb9e8215044321f91023bbb317bd72f9a8cc15fc11a6cc34eea7d1

SHA512
a1ca44aee8658240fcc3afd476debe00eddc2affd5bf8cdb07cd7eefcfd16e46497fcd2a17021e4b98a1b6a207dab5c8f6414734ee84c3e55e766b1c03615ca5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
ef9c420ce76a964eb24b1b5f661e2ce5

SHA1
dc49a3e952ffded8d7a772ddc8bba91f363db1a8

SHA256
4c7eeb7b173df9531dd3f40c9c2262f974a7eb7f37a2bc30b203f18a0f331c74

SHA512
cb5be8db94e9f1db147c0766f786b99621a2dd85e70db2887c0232372c45a8058c95121a82fdbc31474b84ebe00d601a126b1f370b5d407228d2bd94bae3d178

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
ed4943b0a6b9a1664288ffc44f22406e

SHA1
05443c6375eb519c6088600c5b49c9b90d527595

SHA256
ef9957042aed86f213fa887f6c763451d3ec3cf9a5de77804badd3297b9a2780

SHA512
d3ce702e64a237ecf784eb6013dbded213585f3a97d77d4051335c47c450b4e8ec98d9bc9a9ee8ed6d78d70db483cf574379a577717edb812e982d2b4dc976c6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
8182dbfeeccaa5a39ecd4e5f80c66d65

SHA1
002dc6a2809aa395270372cb50b542f93336c2c8

SHA256
6faf01da40ee7bc8487f69a6a86814aa9f6521dd3f2ef29b15a95825e8e646aa

SHA512
787d887e698bd2bcdc0e61105c3241ca0a383bf3824c575ee52a25f5230ede77a0c09be4c33e01c6f59aaeaec804d67e9f085aded42c40f51b83459dbefe5073

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
0913de0236e8eadb60cd3ff4455488bd

SHA1
23f5bd7a1edd4850a3ff2a6d08039bc9f1a0d4da

SHA256
0db74f027d850c14f75209aad3d4ef8b17af690ebb5bb6192a24d1abcb4731b9

SHA512
3f7fed6803cc2bc2f2dc0a09f45b8ac75edc5a6853ecc67dfb74c913c281e060ddae97c206c6861ff9da2ced4991fc7c08053f3b1e5821618594154ab451ff28

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
95bc22e0a6a091c7a3b73018256a86f9

SHA1
28ea9d7967048d7784d0d4c08119f638dbe97672

SHA256
32a7cea2d5f22481d954a679f70195108303f5b1eed46270eba74c013c7326be

SHA512
bdb820c164dc0f8ea2ead4ff4bd8a6ab28d14a39033f1ea8c899257d0b99046b4a20c4ba0b86777324271c054e88e095d1cd23f25980af6f41740805b00f81a7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
af3138fe76c62745a190f8c5deb4282c

SHA1
305783a39538251164fb060450121767117ff594

SHA256
dc7c7f6e50c85f16931393ef87350059a2129b09980868f5d5a713c75dbf51ce

SHA512
9128c8d8967350068400cdef02de91d02f7d6c2b896f20f6c25fa10a041f51b2917099146451e13d181c14abbfc1d73d8f038f8eed8dd780bf400fc6fa1e2c4a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
278b1a1f41ba05c6d93d0273d6a1dec5

SHA1
67d81252c7d744497b3d27c81f35d4004e5d8a93

SHA256
756e9d74bfa33128da790df48add52c3fa8427f35394117fb2ecbe8f8148d209

SHA512
25ef385c33dca032d5538eb4889caf5bee6c0cdcd95d380d2e88c40770929dcc19b0f3f4df86971728cda3a4bf1b137e091060fe57552df17773356b6991aa2a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
139dda664801f2867fb85fe7c500b8ab

SHA1
ea6ce8dd5fce721e6c29af2329d87e18b3aa515a

SHA256
4e6b9cd6515de90213ebaf3acd89e7d58edb0b7c77cec10c6621a3a1a9cdf589

SHA512
f79513114ea69c2322793690aa15270f1eb069701650fa2d9a220d223e175b89d941812435907ba1ab214da68d10bc78e037cde3da627bb28d62eceeb0cecbdc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
02bde4743f8aa36a1cc80dac663eb8cd

SHA1
597b606c630b90e4eb0893ff5413db7185b19962

SHA256
9e67d046a05ce29f19865d31896d8143af8ec08c5c79fb652b934d609f418bef

SHA512
8206680faa97e6beda17ba458e07e7d343af0cc8ac4e4279119eac4b8e6d1c681174481ed8399d0fde4ab5d3acd366b72b55a4ea154e04facb5f3ace0ad50e81

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
f120a9251316b6344161a3e3041df8ab

SHA1
4bae29333e0a0752b2a07bc3efde91e8235ea2cb

SHA256
bd45984cc01012dc67140abe1db5dc58512ae496916dc0665cd678fa60be48c1

SHA512
7da24fe492cc1682e096a1d54681edb592cb85578852b87dbf6a829105cde3816c5b342f88b3a59a4a4cbf831b88951cfd7c919749c95c964ebe0dc50f41c102

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
b1c921b5ae9a4cee9bd2e1ad587cbeac

SHA1
aa5d2c7a1fa650f828ae376d7ce9826a4699e0f7

SHA256
b110eba83ce87bc2cb45363d90f50399a1f11106add18c64f73b6e62a729f4c2

SHA512
50100d59744c22eb221cfea22de65bc466377185acf5f2016304c3dd46a76d3d2b795d5b60f7a447a50446dd78e97fd151d5dcae65f5d25aa7fe5e3e4c31f14c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
04c1921dcc8cc61c58c582a784340e6d

SHA1
1678155fac0ef7de5ec4ae99ac69220ceeb37b81

SHA256
329d9ed33640f4d2126a789f68d32b3b6626240ece5b8495c5a14caa41832903

SHA512
25590af167d289737fcb0e71250def20a47c64aef0270e9c8c86f6f273fc10f8df6cd785043d3d0a76f7618cc39ec44dc332397b34fd4faa28e3e201a845eac0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
1049a2e612886c082bc8d6d5f1ad07d7

SHA1
7113a33b0cf298b7d80caf4a442e4484fe7224f3

SHA256
045e11d7296ed2cc9df7f0ce6f1159a8398b66b09ea410430d8e95248d47ce4d

SHA512
1f453b0199268cf813f9ee21fb7aade6bf28420645c9aa15f376b9b7c3d9bc1effc299736334bee6142e4bf82f7ebb83c6c4e5f67a9b5b0a42804a4a3d6d0ae0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
c8d7d47100b7446d810b4b700e5559e2

SHA1
6ea2264cc96a0b2eb999515d936f6475bfda6b5c

SHA256
b5ba4d0e6caf1d8ef9a35a5bb671866d0ceeb35773542a2cc6178aedeba1f1e6

SHA512
8914138dc3f42dd2ec1e64b52843ee6b4140d8b025e7974fa45232ed538cbc081fafb9b997b8c6652b3393d5875ef0541d7955543f378676bdb953144f23e0e0

Download Submit
memory/1368-308-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/1368-104-0x00000000076D0000-0x00000000076D1000-memory.dmp

Filesize
4KB

Download
memory/1368-103-0x0000000008520000-0x0000000008521000-memory.dmp

Filesize
4KB

Download
memory/1368-84-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/1368-307-0x00000000062F0000-0x00000000062F1000-memory.dmp

Filesize
4KB

Download
memory/1368-0-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/1368-23-0x0000000005F40000-0x0000000005F41000-memory.dmp

Filesize
4KB

Download
memory/1368-22-0x0000000005F50000-0x0000000005F51000-memory.dmp

Filesize
4KB

Download
memory/1368-235-0x00000000076E0000-0x00000000076E1000-memory.dmp

Filesize
4KB

Download
memory/1368-309-0x0000000006330000-0x0000000006331000-memory.dmp

Filesize
4KB

Download
memory/1368-306-0x0000000006320000-0x0000000006321000-memory.dmp

Filesize
4KB

Download
memory/1368-305-0x0000000006310000-0x0000000006311000-memory.dmp

Filesize
4KB

Download
memory/1368-248-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/1368-304-0x0000000006040000-0x0000000006041000-memory.dmp

Filesize
4KB

Download
memory/1368-310-0x0000000006340000-0x0000000006341000-memory.dmp

Filesize
4KB

Download
memory/1368-3-0x0000000002700000-0x0000000002701000-memory.dmp

Filesize
4KB

Download
memory/1368-1-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/2492-264-0x0000000005E30000-0x0000000005E31000-memory.dmp

Filesize
4KB

Download
memory/2492-287-0x0000000006160000-0x0000000006161000-memory.dmp

Filesize
4KB

Download
memory/2492-265-0x0000000005E50000-0x0000000005E51000-memory.dmp

Filesize
4KB

Download
memory/2492-266-0x0000000005E70000-0x0000000005E71000-memory.dmp

Filesize
4KB

Download
memory/2492-267-0x0000000006000000-0x0000000006001000-memory.dmp

Filesize
4KB

Download
memory/2492-268-0x0000000006010000-0x0000000006011000-memory.dmp

Filesize
4KB

Download
memory/2492-269-0x0000000006030000-0x0000000006031000-memory.dmp

Filesize
4KB

Download
memory/2492-271-0x0000000006050000-0x0000000006051000-memory.dmp

Filesize
4KB

Download
memory/2492-270-0x0000000006040000-0x0000000006041000-memory.dmp

Filesize
4KB

Download
memory/2492-273-0x0000000006080000-0x0000000006081000-memory.dmp

Filesize
4KB

Download
memory/2492-272-0x0000000006070000-0x0000000006071000-memory.dmp

Filesize
4KB

Download
memory/2492-274-0x0000000006090000-0x0000000006091000-memory.dmp

Filesize
4KB

Download
memory/2492-275-0x00000000060A0000-0x00000000060A1000-memory.dmp

Filesize
4KB

Download
memory/2492-276-0x00000000060B0000-0x00000000060B1000-memory.dmp

Filesize
4KB

Download
memory/2492-277-0x00000000060C0000-0x00000000060C1000-memory.dmp

Filesize
4KB

Download
memory/2492-278-0x00000000060D0000-0x00000000060D1000-memory.dmp

Filesize
4KB

Download
memory/2492-279-0x00000000060E0000-0x00000000060E1000-memory.dmp

Filesize
4KB

Download
memory/2492-286-0x0000000006150000-0x0000000006151000-memory.dmp

Filesize
4KB

Download
memory/2492-285-0x0000000006140000-0x0000000006141000-memory.dmp

Filesize
4KB

Download
memory/2492-284-0x0000000006130000-0x0000000006131000-memory.dmp

Filesize
4KB

Download
memory/2492-283-0x0000000006120000-0x0000000006121000-memory.dmp

Filesize
4KB

Download
memory/2492-282-0x0000000006110000-0x0000000006111000-memory.dmp

Filesize
4KB

Download
memory/2492-281-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download
memory/2492-319-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/2492-280-0x00000000060F0000-0x00000000060F1000-memory.dmp

Filesize
4KB

Download
memory/2492-289-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/2492-257-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2492-251-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/2492-303-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/2492-297-0x00000000089F0000-0x00000000089F1000-memory.dmp

Filesize
4KB

Download
memory/2492-296-0x0000000008690000-0x0000000008691000-memory.dmp

Filesize
4KB

Download
memory/2492-300-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/3176-28-0x0000000003EB0000-0x0000000003EB1000-memory.dmp

Filesize
4KB

Download
memory/3176-318-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/3176-294-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/3176-314-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/3176-247-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/3176-18-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/4312-32-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/4312-298-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/4312-246-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/4312-19-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/4312-293-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/4312-256-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download
memory/4312-262-0x0000000000710000-0x0000000001E47000-memory.dmp

Filesize
23.2MB

Download