55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
72s
max time network
78s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19-02-2024 19:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3984	AnyDesk.exe
3984	AnyDesk.exe
1588	AnyDesk.exe
1588	AnyDesk.exe
3672	msedge.exe
3672	msedge.exe
1440	msedge.exe
1440	msedge.exe
4220	AnyDesk.exe
4220	AnyDesk.exe
1344	identity_helper.exe
1344	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4220	AnyDesk.exe
4220	AnyDesk.exe
4220	AnyDesk.exe
4220	AnyDesk.exe
4220	AnyDesk.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
4220	AnyDesk.exe
4220	AnyDesk.exe
1440	msedge.exe

Suspicious use of SendNotifyMessage 19 IoCs

pid	Process
4220	AnyDesk.exe
4220	AnyDesk.exe
4220	AnyDesk.exe
4220	AnyDesk.exe
4220	AnyDesk.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
4220	AnyDesk.exe
4220	AnyDesk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 3984	1588	AnyDesk.exe	78
PID 1588 wrote to memory of 3984	1588	AnyDesk.exe	78
PID 1588 wrote to memory of 3984	1588	AnyDesk.exe	78
PID 1588 wrote to memory of 4220	1588	AnyDesk.exe	77
PID 1588 wrote to memory of 4220	1588	AnyDesk.exe	77
PID 1588 wrote to memory of 4220	1588	AnyDesk.exe	77
PID 1440 wrote to memory of 2828	1440	msedge.exe	90
PID 1440 wrote to memory of 2828	1440	msedge.exe	90
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 4880	1440	msedge.exe	93
PID 1440 wrote to memory of 3672	1440	msedge.exe	91
PID 1440 wrote to memory of 3672	1440	msedge.exe	91
PID 1440 wrote to memory of 4996	1440	msedge.exe	92
PID 1440 wrote to memory of 4996	1440	msedge.exe	92
PID 1440 wrote to memory of 4996	1440	msedge.exe	92
PID 1440 wrote to memory of 4996	1440	msedge.exe	92
PID 1440 wrote to memory of 4996	1440	msedge.exe	92
PID 1440 wrote to memory of 4996	1440	msedge.exe	92
PID 1440 wrote to memory of 4996	1440	msedge.exe	92
PID 1440 wrote to memory of 4996	1440	msedge.exe	92
PID 1440 wrote to memory of 4996	1440	msedge.exe	92
PID 1440 wrote to memory of 4996	1440	msedge.exe	92
PID 1440 wrote to memory of 4996	1440	msedge.exe	92
PID 1440 wrote to memory of 4996	1440	msedge.exe	92
PID 1440 wrote to memory of 4996	1440	msedge.exe	92
PID 1440 wrote to memory of 4996	1440	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4220
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4132

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbb51e3cb8,0x7ffbb51e3cc8,0x7ffbb51e3cd8
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,17683243891003409866,15298962802835277494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,17683243891003409866,15298962802835277494,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,17683243891003409866,15298962802835277494,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17683243891003409866,15298962802835277494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17683243891003409866,15298962802835277494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17683243891003409866,15298962802835277494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,17683243891003409866,15298962802835277494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,17683243891003409866,15298962802835277494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3596 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a17cdb1d2f99f0e60f6799abdba3997a

SHA1
751e5502111c4060357d4b0b57b9d7eb547960a1

SHA256
6db0baff3080611c62322ccbbb900cfa200dcf53d81455d411724f21746def25

SHA512
66e12a82d4715e7fcbf9256fcd3b8782713f2d5447c849815e4f123e9a1fd2571d6a2d3fd7ceef0e3b0e06ae9d21ec2f7168de4d7866bfb76db45d8f555da940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
677e2b09656a074e35e0f265cc276dac

SHA1
3d441dbb87dcbff2a6e2df9a88b36cc7a2496709

SHA256
0cd161dadf82d0ae19a7ed0133e1e2f48988e7083718b71be5ace25f1f3c5b8b

SHA512
8d19da7a306e2e281e89a4483ac2a5697407eaddec1b1f74e93923c7bb1f29ba14f4a1c7de098cd4f57e3183e78ce905f80a8b515199fe0cfb4d640a13d2a5c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ab2d5352142bf2e2108a61b9ee3c530

SHA1
90f51daf6d739309d392b84d9d3f48db9cef1c2c

SHA256
d50f42bfcecdb296934268faf83ab8bb6005a4e46d5efd62becef5cbce0c6c2e

SHA512
c445b19db67bc58f641b63bea7f3798b428f52d1833e86fffa190a1bd903b9c330c5b0d1b37509d6ad1d9cfc0dd978d7bcd3e8d6be0056c34c8c5a0a283ae1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
bcf845d079a549701f849bdca2712d51

SHA1
647198315abd28a25e5b74c20dd1c149c103b366

SHA256
03d8df77c46b891112146ef28cebf5da19b1cc6f7d532fd73e5f8a836461c00d

SHA512
e30784e3b6af789a4f450395f9f4b4dfc423aaa8f2300e1df832ccd8f2fecb10727e87de4caedc6253025345a75ffa36dbd8fa3dd13abb160fa7d01e737dcd38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1c27116739728fe76a3876740934c0c6

SHA1
0d27ef0b85ede9c066fd630189258cd8c9a3f1ac

SHA256
495979df9af2ac542acd5a4f37ac457878b5e07e4cf67c7ef93e01018f22af5e

SHA512
98948eb3b971ef8ea29bd38d4dc4f6f21a4d50f07f1c918382a1721a6210605b250246dbe34dd5ea6731e32ad36dc67145868cb995eabb4f92fa3ec39b63f9ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
79793a9411575b1195a790549ca93600

SHA1
44c0195c2006a913311ff381a865913a344526c3

SHA256
73a71a9fdd11a188cd284301462a6371a7e6412818a352af9591de159d90d26d

SHA512
3ec622f6c2c5080a033da8ca49214d4036e01e13444c7c6e7016249320727a0d7152b0b5916d300497453e6f63eff77cbc64eb4452b865a3926573fc58142a3a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
5f10093a1e9ac442aec188839b656e0e

SHA1
f66f179f34f5fdf614dd503b3e01e645b645bf4a

SHA256
a9e4e6fbadc253e990f37dabcbe41f37f09ce40e42a07312efeec0d10c251819

SHA512
27efda2b0f29af9ff6966b1ebd79f1dcaa1f642a18b53ba081743d22c485c3c4638e6d3fd96c0643bf994e6a25ea17c01581fe1c992b7c0c09b072778371dc9b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
14fbb8d002d1048a92d5ee5e782ef625

SHA1
cef2325c42e9229ba73deb5a35b24f29f9f83ec7

SHA256
459ea235e29e35cbe57e1d725d074d6caa15a87d621990ef15b3d9283110b3dd

SHA512
7db90aa3f924b1f4818025b2aac8410086e2a1d9a45aec963afa566ad031c7db92748c78c82aaa7863d7f9f9ef6bbe8c66c56ecfbfca93ded3821e8cd359e8a4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
f981fb8693916566681f012e9bee67e3

SHA1
d55d7f3c1e38ec87324cf11ebaa89dc3d5a4adba

SHA256
6a98d9ceb5d3c6d5f225ebbb41a54fb7ce4611c8a016c1d3fa44283d9f5a2045

SHA512
82ec3a2561253996032ee8b52c1bc5e9081edcd34494d2bb35ff9adeb40b003c93d690e548d759721f089aae500be47763352891ee7377b610e72f1663b2ef39

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
745B

MD5
3b17d5bb9cfd790efc09c32055bf4291

SHA1
c71468accddfe991c8f2dc5c5bc0d750eabfdf41

SHA256
1ea85a919fd1c9d080bd09542aa52386a9b4922bb616535cceb004a3039790bb

SHA512
3f8af7862cf43f02a92525479d4ec6f5932b5144b4aa9dadbf59d94ba8e6579d83cfdf7587f82a1479f5f0fffc7efcb0b52253f5f87b6614ee364ec4ac102b83

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
73dccbe81ef69de0cf8efae0a1a9a779

SHA1
4dd976590740806f98dbcd94db21accf561c3b7f

SHA256
68fbbfc770e0c803687e89ff6d9385625262fd5273ac2daa7ad92035894767c5

SHA512
f3541497bd8afadec0789dc4bae640039d760298afcc46dab6dbd42095f1beefb57b61585d5b1cfafdc9388936d378e0e1911b8846b0e5a23a90add5954a04f3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
30f9e9559fbc85dd93fdba04b81fad00

SHA1
93d2a4b4b259161b078078ceaa4f8b06886e3dba

SHA256
f106253a1d1bb92731dc95b50839d8f288c39f56dfba786cc323cd7de56d6a62

SHA512
584f30db7bfe5394211068d01f155f062eb560f80723048b1171816b95c261081c6b2200971aa1a694e59f8ed203695bdde8b3b9ec34455eab04db169adfe9aa

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
b30319e90b009eb5ec44efea85a70371

SHA1
ebde03fb947384c04102f6e96cbb662f251654fc

SHA256
61c76e4ec49943eed488e75a21b469baad4738fc8c7dd236261f9f24379fe93f

SHA512
1a4b6709088a3ce3a8ae5f08b0cc5a9e3894315f99916eaec474a7ed9591d62c9da65c558962500efe4473c119faf6661fdf204c56033eac0f11e6ada7478284

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
aaa9c4082df0e0b353218428c68f6d28

SHA1
358ecfa2186ffeb205c4c6422240027741e63048

SHA256
4baf13b71c60b5cd1372b7198ba9609dcd0a0a2f089f282d890c4db4ac326205

SHA512
fc254dfee24a97c435de259bf99bfec7f678dfbbf0b637da9abf84c36806ef64aab175f22057ab607f702c90e6ba2455f543323d9483488e9107a2c462192660

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
87b998f3b2088ad2a9986b08fa0aec59

SHA1
8fa6e7f1a3f27cd0881eff76b93bad1a6ebe1b0e

SHA256
439adbd2905849d809463f6fa2317d7ba29d5383ce156723209e03be638bc0b1

SHA512
b976f9c13ae09769e4ca85368ceef14ce5ae8c7f1091fc5d9d35a461608daab71f8821d6eb53bf3d5f5e33f91804b833fb8f68f72b3de1b0e88ab6a5660c2926

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
5eb8e3ffb44e2d9ea0641ecb556a1541

SHA1
f622733301912e975f9020327d8b469516bfe48e

SHA256
3680e5c1f08c089424b9e7d497fc34e8e5ee905b21d861f0181e8e144c963367

SHA512
a7608af4f3e37fbcaf234aead8566589b8e064cbdf9f3f5159094739b85f5841582d0621b47c5b3dec1279c2d7f9d6638e60194602e309afad318b6b81450391

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
ad4cd342badd44d1304da612fbf7d4ee

SHA1
078920fba60a95cebf375b262658c5b8e8b9b35e

SHA256
50d673567e2563764cd1cef9747c7f209fdb38972b32a1d03c91b9fcb0ecd51f

SHA512
2bb812c4969fa9cadb8beb9e57e4335fda8dcefd1b3559199bdadae118e343fcdfe28b95b84a7513abb78ff41a2dd3cd2c4937ad0c10bcf5f2f61fb3fd70845e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
0d803a2063478e21dea2e44f749b5aa4

SHA1
01c92aa5ee174f34cd37deb68ddc5c08fd9089f3

SHA256
9b5569faa108c9ded7855202a1517bf9c74a0cc5fe1a47209c5661be8c35361c

SHA512
6bde360ebcfb5d542ad9a6a54a25705dcc4be7df2f3ff73466186f7b17b06782917c2e01b994690bfc18b2d18cc876f198e956b17bc6832cd623f1ccdd544cac

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
74f4fb1cf747d2af47480d466fd6f22e

SHA1
f4d0550f9c5af12c1874f8f248f03256a1c0e2d2

SHA256
f85c5503880195e94b1cbc5c021b5163f34adcf9b7a440f3a8d51b147ca3ef5e

SHA512
13c03478d23679160d1008108b7339f7bd92e667528255ba3faaa2b8d5725c4afb365ecda05ba71750ef8de5d7d6fd59a00bd7cb974c5f4b719648416ddc394e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
4fe662349d4f40bd41a22da16f00389b

SHA1
81196c4024d5baaa777174df5cab7865e6724d17

SHA256
462bc68db8161c5fa3320d4546a6cefa3cfd527580f794bfa341154f5b58fd71

SHA512
91ae6e785d6d97cd840ad96414be4f7b70ee1bebef9074df0da2bc611bbd4bbec903639eabcb201ac6f60ebb2c997407d044b10febebf57de5f01ffc6b93bf61

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
6a62b95793046d784f464af7d124ba50

SHA1
40a5f7a01db63f6a02832c439062f353d2c2ed72

SHA256
9f8bfc19a39a24f1170853363bba53bcd5333697160d9e45ce316fa73dacc4af

SHA512
a719ce61946875bac9417286483ea41cf69f2a3cc752e50a2136308ee4826d9e724258d6017e11b69c560a8c51cbdf00de23ccc33c8b1fe95e6c7f59e41bb829

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
a35161c535f6c5da7c75ff348fe9ef81

SHA1
70db7ab8e59beb6ece1bfe3e75c03dc32db9160a

SHA256
33bd91760a2f923a3dbcb07a3085a1e0c3ad4a2379a3da092552e6f33013c2aa

SHA512
a2836b2990ad05fc8590ae70dc28baa71be0cdefa7814623ed6099e84ccca53c5d886a857ac20aaa65058b0f1ad14dae1abbb15015f0ad08c4ba1686a7d146db

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
2135a90063e62fdfa019737efbfef18d

SHA1
b281e98bcf6d495b53056be2f1c56b53fab490bf

SHA256
62e5b051320c2295ee3500553fd73dd8c6a922185230762bb9803f1ee6250de0

SHA512
9399c8a3e976386149b20e5acac58c167b7c71a6b4060f1ba248e162bcbf6277d4967a90c25ac6368a379bed6a4a9708a6a031f5e522680becbf3e1eb3deb0c0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
72bd7cef8c362739879ad210f5a3f984

SHA1
c357f7104a928b5b08487ef2ad09d72b6ffb8491

SHA256
322579182f902fc54148f9ef49bf26a16119b331bfd0082ef878815fbc6fc9fc

SHA512
d563e706df67ca9e52b0047041978814cad38d57907a348ad9f7e36330348dcaf20f3ee43b135bfce5c096984aa3fef08d7ecaef914420da17e26874698772a6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
60923342a280d720fd342b7355ff0223

SHA1
62d1e6b2fb60766b5fec5f6f4c4c8d77ca0421b1

SHA256
46881e171b5b119f776b030bea6251f7fbc258ee617f19fbfbf2eb69f32cbafe

SHA512
20e17ceb4e9c67a45ee4ff3943b3723be966415ac7e0f0632759876cd615b3a4399f32ef1f1f62be0e080473ac87650adc687bf8b2dc392d8866393e57ed8d39

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
ab097ae5d630e6d3a0c1117d395c30ba

SHA1
26d54f57603e11c5921b2d6d0ede4b67289c2840

SHA256
0551b8640d8adac73ff54ac96f22da4acf77c5f7a525bc7d343057ddd3a2fc7c

SHA512
13560d578f8848d47d09c039ae09c0f2d9b7e82c9b4d1c5c2a85acb3f4e4275297e8b318a7648983986c2d24257a0cdebb3f4e1f6b314c3b16b47a2dadf8b14f

Download Submit
memory/1588-109-0x0000000007A70000-0x0000000007A71000-memory.dmp

Filesize
4KB

Download
memory/1588-17-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/1588-222-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/1588-1-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/1588-4-0x0000000003D00000-0x0000000003D01000-memory.dmp

Filesize
4KB

Download
memory/1588-218-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/1588-233-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/1588-234-0x0000000003D30000-0x0000000003D31000-memory.dmp

Filesize
4KB

Download
memory/1588-235-0x0000000003D20000-0x0000000003D21000-memory.dmp

Filesize
4KB

Download
memory/1588-236-0x0000000003D50000-0x0000000003D51000-memory.dmp

Filesize
4KB

Download
memory/1588-237-0x0000000003D60000-0x0000000003D61000-memory.dmp

Filesize
4KB

Download
memory/1588-110-0x0000000007330000-0x0000000007331000-memory.dmp

Filesize
4KB

Download
memory/1588-0-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/1588-219-0x0000000007340000-0x0000000007341000-memory.dmp

Filesize
4KB

Download
memory/1588-18-0x0000000005C70000-0x0000000005C71000-memory.dmp

Filesize
4KB

Download
memory/1588-90-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/1588-275-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/3984-274-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/3984-220-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/3984-314-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/3984-21-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/3984-32-0x0000000003C20000-0x0000000003C21000-memory.dmp

Filesize
4KB

Download
memory/4220-26-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/4220-323-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/4220-19-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/4220-221-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/4220-230-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download
memory/4220-227-0x0000000000320000-0x0000000001A57000-memory.dmp

Filesize
23.2MB

Download