55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
126s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation	AnyDesk.exe

Drops file in System32 directory 19 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\SETEA5B.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\SETEA7D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\AnyDeskPrintDriver.gpd	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\SETEA5B.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\SETEA6C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\SETEA7C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\AnyDeskPrintDriver.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\SETEA7D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\SETEA9E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\SETEA9F.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\SETEA9F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\anydeskprintdriver.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\AnyDeskPrintDriverRenderFilter.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\SETEA6C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\SETEA7C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\AnyDeskPrintDriver-manifest.ini	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\SETEA9E.tmp	DrvInst.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\AnyDesk\gcapi.dll	AnyDesk.exe
File created	C:\Program Files (x86)\AnyDesk\AnyDesk.exe	AnyDesk.exe
File opened for modification	C:\Program Files (x86)\AnyDesk\AnyDesk.exe	AnyDesk.exe
File created	C:\Program Files (x86)\AnyDesk\gcapi.dll	AnyDesk.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\LOGS\DPX\setupact.log	expand.exe
File opened for modification	C:\Windows\LOGS\DPX\setuperr.log	expand.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	rundll32.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe

Executes dropped EXE 4 IoCs

pid	Process
5036	AnyDesk.exe
4384	AnyDesk.exe
4640	AnyDesk.exe
6052	AnyDesk.exe

Loads dropped DLL 2 IoCs

pid	Process
4384	AnyDesk.exe
5036	AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 10 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 41 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe

Modifies registry class 16 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\URL Protocol	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\" \"%1\""	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\",0"	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\" --play \"%1\""	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\ = "URL:AnyDesk Protocol"	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon\ = "AnyDesk.exe,0"	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
5004	AnyDesk.exe
5004	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
2924	AnyDesk.exe
5036	AnyDesk.exe
5036	AnyDesk.exe
5528	msedge.exe
5528	msedge.exe
6132	msedge.exe
6132	msedge.exe
6052	AnyDesk.exe
6052	AnyDesk.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
6132	msedge.exe
6132	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeAuditPrivilege	3736	svchost.exe
Token: SeSecurityPrivilege	3736	svchost.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
3624	AnyDesk.exe
3624	AnyDesk.exe
3624	AnyDesk.exe
4384	AnyDesk.exe
4384	AnyDesk.exe
4384	AnyDesk.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
3624	AnyDesk.exe
3624	AnyDesk.exe
3624	AnyDesk.exe
4384	AnyDesk.exe
4384	AnyDesk.exe
4384	AnyDesk.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 5004	5016	AnyDesk.exe	93
PID 5016 wrote to memory of 5004	5016	AnyDesk.exe	93
PID 5016 wrote to memory of 5004	5016	AnyDesk.exe	93
PID 5016 wrote to memory of 3624	5016	AnyDesk.exe	94
PID 5016 wrote to memory of 3624	5016	AnyDesk.exe	94
PID 5016 wrote to memory of 3624	5016	AnyDesk.exe	94
PID 5016 wrote to memory of 2924	5016	AnyDesk.exe	109
PID 5016 wrote to memory of 2924	5016	AnyDesk.exe	109
PID 5016 wrote to memory of 2924	5016	AnyDesk.exe	109
PID 2924 wrote to memory of 1380	2924	AnyDesk.exe	114
PID 2924 wrote to memory of 1380	2924	AnyDesk.exe	114
PID 2924 wrote to memory of 1380	2924	AnyDesk.exe	114
PID 2924 wrote to memory of 4832	2924	AnyDesk.exe	116
PID 2924 wrote to memory of 4832	2924	AnyDesk.exe	116
PID 2924 wrote to memory of 4832	2924	AnyDesk.exe	116
PID 3736 wrote to memory of 3312	3736	svchost.exe	119
PID 3736 wrote to memory of 3312	3736	svchost.exe	119
PID 3312 wrote to memory of 1460	3312	DrvInst.exe	120
PID 3312 wrote to memory of 1460	3312	DrvInst.exe	120
PID 4640 wrote to memory of 6052	4640	AnyDesk.exe	128
PID 4640 wrote to memory of 6052	4640	AnyDesk.exe	128
PID 4640 wrote to memory of 6052	4640	AnyDesk.exe	128
PID 4640 wrote to memory of 6132	4640	AnyDesk.exe	129
PID 4640 wrote to memory of 6132	4640	AnyDesk.exe	129
PID 6132 wrote to memory of 4160	6132	msedge.exe	130
PID 6132 wrote to memory of 4160	6132	msedge.exe	130
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131
PID 6132 wrote to memory of 5464	6132	msedge.exe	131

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3624
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --install "C:\Program Files (x86)\AnyDesk" --start-with-win --create-shortcuts --create-taskbar-icon --create-desktop-icon --install-driver:mirror --install-driver:printer --update-main --svc-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf" --sys-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf"
  2⤵
  - Checks computer location settings
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2924
- - C:\Windows\SysWOW64\expand.exe
    expand -F:* "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver\v4.cab" "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver"
    3⤵
    - Drops file in Windows directory
    PID:1380
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\System32\rundll32.exe" printui.dll, PrintUIEntry /if /b "AnyDesk Printer" /f "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver\AnyDeskPrintDriver.inf" /r "AD_Port" /m "AnyDesk v4 Printer Driver"
    3⤵
    - Drops file in Windows directory
    PID:4832

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5036

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --control
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4384

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --new-install
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Program Files (x86)\AnyDesk\AnyDesk.exe
  "C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --frontend
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://my.anydesk.com/v2
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:6132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffff19546f8,0x7ffff1954708,0x7ffff1954718
    3⤵
    PID:4160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14957663936027466717,9187824615554204572,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:5464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,14957663936027466717,9187824615554204572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,14957663936027466717,9187824615554204572,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
    3⤵
    PID:1992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14957663936027466717,9187824615554204572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14957663936027466717,9187824615554204572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:5676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{a54c5394-cf7d-bc49-9ada-8148e9c24450}\anydeskprintdriver.inf" "9" "49a18f3d7" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "c:\users\admin\appdata\roaming\anydesk\printer_driver"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Modifies data under HKEY_USERS
  - Suspicious use of WriteProcessMemory
  PID:3312
- - C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{7e291670-e71b-1a48-93ff-77d0d18b681f} Global\{926b3310-1071-e641-9543-287f7211fc68} C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\anydeskprintdriver.inf C:\Windows\System32\DriverStore\Temp\{34274fe2-e6fe-7e45-b0de-2cadebcf6e90}\AnyDeskPrintDriver.cat
    3⤵
    PID:1460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
4.6MB

MD5
a3352048ed72fb487ebbc7ff98f4ca35

SHA1
f5c10b1b55012ffc3c62451e77c33d194066826d

SHA256
ae524059f2ba5c847ea0c88073e081c01fbef6c1097110111e3b119c894de9f9

SHA512
a45026be9f8be684ca445daf7e1ad3cd84e526dc192af2da09dc999911c5aa9b268519686c84d2a34b565bcf966f359e4b16de391aebaff996657cab8a54099d

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
768KB

MD5
e11a4e2a04236b205ae33e32dfd72d4b

SHA1
7eb9f96957dd9f3252baee209572ed831f83316f

SHA256
687ac7cd4e4fd9cdf1122109cd50c670a99d7c3468304be25b9b0485a8453e52

SHA512
14c486eb81f287eaf2fb1769f4e8d72e6d46ab4e8833c03f4fcbe2d69dd6f4a7f9b3ec52cc014dae192dbfc417ec90a81aa4372dd07367c651ab86a266e49cfb

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
1.9MB

MD5
9e60214481c1dfcb650a14c8541b9da6

SHA1
b229baef67a1bfad1ddf3d91c946d065173d5054

SHA256
83a3829da6491b8f4e4eb902bb62e7ff4e360146dbf8c96e83a888c79bb95de8

SHA512
0f407a1aa5dd1839d7f1b65d509eab7e559a97c8ebdf58521dc78de7fa65ddb50d0e1c6f329857a90b50518bd13b70ce2b374d7042a303d33f8312222e275531

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
5.0MB

MD5
a21768190f3b9feae33aaef660cb7a83

SHA1
24780657328783ef50ae0964b23288e68841a421

SHA256
55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

SHA512
ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
1.2MB

MD5
60aeda8c0c39d7278d0bc9a9f241c0b5

SHA1
bb8994e99713aac88218a4cd5cc7d6cfac346fce

SHA256
af212a4b4c9f05055dee651c278deae2707fb684064d0f8ac62dccfac30b2b51

SHA512
c7fce1800125089f9b63c4a300519d55644f5bb91347f0dc887ffc23cb0b6ac96fa2677452790250290cc6a221e7fc306ed24b21dfe1c59466a8fff5620df099

Download Submit
C:\ProgramData\AnyDesk\service.conf

Filesize
2KB

MD5
28d1cb58d43c1f44303180c9365d6190

SHA1
4149d6a1ededa732af06de20e6f7f2ee7ffd3c70

SHA256
34a6367770ebe1a520f23afa93338d77e35e47f5fa67e9e1006b23b842141658

SHA512
c0c3f59c5eab47fbbcf3e60010c350bb91c556046667ea477cf6ab4ed389f32b77168dff7af99a333e3ed6b785a5e362003a7f7175e307295614c4ea3d3d7122

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
921B

MD5
ef5f189535dbb0e5bc5ff1484e67243a

SHA1
8a5e7f2ac17128bed2320bde3470f580ff52fef0

SHA256
0e003310f145ae298fc68b6f909f12d4a20fc11da1681882a0f2a8cc0341f26f

SHA512
7ea05c4667f0697b92e9ac2d6caaa1cb983aae9ebb7af0af9e497fafefb6c79c5099b90ccc69139d3d10b06e749b026b630532cc8a81205182a3a0a230105fe5

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
921B

MD5
9f6eeafe4ebc1a142874d2f77062bfcd

SHA1
1ab856c9becb22c1070f1a82b3778ab07f7bec09

SHA256
d08f18f3d304d0a5e3f7bdacdefffdd5a16787e9b8f688730f1376281d7c7b76

SHA512
914ab6fdd22db3f3ad8127fd2c087f52cba71a0b155af092ce9a8a55e34fc181be849ac0c2a70ce6c339de664a66bbdb1705f5e6779304095741488a032dc54b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05ba4bf4f466377f0b3d6a7fbbc5b56f

SHA1
df6151cbad012e74ce6ee65921bac2aa15ecf8e5

SHA256
79c41aa94ec922fb1dea2e09b56afd65af0f8332edd5be3296dcb8346012ffbf

SHA512
201f9fecd4fa8fa2cb6d281404efab40994c8e69c66e5901d48d6c930309f0154472be83e94d721a9ebb95e617ca286c62dd304a34b26de535bf354c5041fe8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad0db0bc25d4ceb455a270f3eca8fa51

SHA1
8ffdeb1ccdb02fb7053d117e13f33d183972fc2a

SHA256
61e4826557bae6739d72c05733a08cd82e50f6b34250f9658a39824b45452953

SHA512
3fffd0f8b33d6955b1e63e37a8dc03a7d090bd696b72b8779bb18d90fd3d4685807bed060d165770f04741aafcd6bca23de39ebf0840c49eb12ab85e7aee35e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
945e5db28cc25f66476bbe485011569d

SHA1
40f4eecb82db5fb19f272534256a4e68d6af1348

SHA256
0198e40bf4b7cb229c4d9e4e93dac280dd6f14f0de60cfd954ee1b58013ff36b

SHA512
dd5cb9e24947076429a58dfdd456b2bd96a45937d166cd82d12ee9ca4acc85eb0bfc550b86bf9f849851d14fd63adbc45a72fdd2d5f885522baad976568c12dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Local\Temp\{a54c5394-cf7d-bc49-9ada-8148e9c24450}\SETE74E.tmp

Filesize
277KB

MD5
1e4faaf4e348ba202dee66d37eb0b245

SHA1
bb706971bd21f07af31157875e0521631ecf8fa5

SHA256
3aa636e7660be17f841b7f0e380f93fb94f25c62d9100758b1d480cbb863db9d

SHA512
008e59d645b30add7d595d69be48192765dac606801e418eeb79991e0645833abeacfc55aa29dae52dc46aaf22b5c6bc1a9579c2005f4324bece9954ebb182ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\{a54c5394-cf7d-bc49-9ada-8148e9c24450}\SETE74F.tmp

Filesize
584B

MD5
b76df597dd3183163a6d19b73d28e6d3

SHA1
9f7d18a7e09b3818c32c9654fb082a784be35034

SHA256
cba7c721b76bb7245cd0f1fbfdf85073d57512ead2593050cad12ce76886ac33

SHA512
6f74ad6bbbb931fe78a6545bb6735e63c2c11c025253a7cb0c4605e364a1e3ac806338bb62311d715bf791c5a5610ee02942ff5a0280282d68b93708f1317c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\{a54c5394-cf7d-bc49-9ada-8148e9c24450}\SETE76F.tmp

Filesize
271B

MD5
0d7876b516b908aab67a8e01e49c4ded

SHA1
0900c56619cd785deca4c302972e74d5facd5ec9

SHA256
98933de1b6c34b4221d2dd065715418c85733c2b8cb4bd12ac71d797b78a1753

SHA512
6874f39fff34f9678e22c47b67f5cd33b825c41f0b0fd84041450a94cc86cc94811293ba838f5267c9cd167d9abcf74e00a2f3c65e460c67e668429403124546

Download Submit
C:\Users\Admin\AppData\Local\Temp\{a54c5394-cf7d-bc49-9ada-8148e9c24450}\SETE771.tmp

Filesize
11KB

MD5
e0d32d133d4fe83b0e90aa22f16f4203

SHA1
a06b053a1324790dfd0780950d14d8fcec8a5eb9

SHA256
6e996f3523bcf961de2ff32e5a35bcbb59cb6fe343357eff930cd4d6fa35f1f4

SHA512
c0d24104d0b6cb15ff952cbef66013e96e5ed2d4d3b4a17aba3e571a1b9f16bd0e5c141e6aabac5651b4a198dbd9e65571c8c871e737eb5dcf47196c87b8907b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{a54c5394-cf7d-bc49-9ada-8148e9c24450}\SETE772.tmp

Filesize
2KB

MD5
d4ca3f9ceeb46740c6c43826d94aba18

SHA1
d863cb54ad2fa0cfc0329954cbe49f70f49fdb87

SHA256
494e4351b85d2821e53a22434f51a4186aa0f7be5724922fc96dfb16687ad37c

SHA512
be08bc144ee2a491fbc80449b4339c01871c6e7d2ddc0e251475d8e426220c6ef35f67698b0586156f0a62b22db764c43842f577b82c3f9e4e93957f9d617db4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
3db272bfa00cd89ce8bbd6c980f6a508

SHA1
426633570b8f4a6dc5de900c85ed0bd431dd54ba

SHA256
9ed91225b6ccac86681e2991fdae672ea901294ef698f7d0e9945f2666bf6afc

SHA512
773f4affe1252a7f8e70f36a602bd16b97d5089a03ce4e644c2401c936627ae8faeee49cd59011b619b5e832b0a807b4e29f93a88cc5b1d09afbc91967076f75

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
28KB

MD5
c8f25dfb3d38f8feb759646f3858fd97

SHA1
442a2d93f587d8e3900feff9fbc1107b8a6ab95e

SHA256
9a1633cbef1f7059c38c3b1c520160e808de19cc14c746e96eabaa1d252978af

SHA512
647a3d9958e3c1ecafe2239490e693daf4605539e378e77f3156e341c94b7da24978b58975378026f8e707a1b7a4092c05b163310ee2ba8df7526c689071e86b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
226c963ad3b259af85d64ff9f11dc916

SHA1
ebe6caa8657f7852298c509cbbd1b53e407da87c

SHA256
f3903ca501a18ac465ccc8c643adc3255a9e6fe0501f171677c808d23912b071

SHA512
8b89a86fda56b4f345c89cda95340cb64d26b5ca3c9eda6ab2889a19f8570037c22871dfaa20270a46d7a8649ba889545e8202f6edcff642783962b9926b4489

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
38KB

MD5
ae5b94271f0e7d4209963c0a5d23d1d7

SHA1
cd709d6aaf509656b1860a3aa3cf947ddd47bf6a

SHA256
359752b83fb9f2d21d426c56d5c049c548e6afb204173a605ec32bb99216a592

SHA512
a2ff7f9980b830ab82e71ce3df5e8ee11a973d779bdba7bf1cc69d6b2dc4c1c04cd007505cbf97badc759b2844be28cc59e827b6e1c8ccd092232f8f27bafa57

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
123c04f864327b0a4a71129cf9fc94ca

SHA1
bdc8f76197588a1823f19de1fb415f063253644a

SHA256
66500cea6a9ec812025393f0fbffd2b7b4fe8408a8beb68bb6c6bf1b28fddb8f

SHA512
cbb24a8b63faaef118e50a0487ad5b33d643ce9985166882fcb13b816bc28505ddeacd31215fba26db7533a8ef6e83ed99c1e95cd5709b76c7b823eb950b348e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
ec4a3aab8805389860a22c2f0b22cdd8

SHA1
d94585890960a34bae2b4b43455316463e507e0c

SHA256
6107454c3bec9c1651462584be92ff2594f6da2bc4de4dbeb74a6da7da5f5354

SHA512
44818f2aecd0e62a6b9fdae78f6444bcae72152c9f7ac39481a38c5c60d7158e2ed82c672756910ec182bfbb5d0b50c5ee55ea39d1b9dd674ce852e413cfea85

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
14bbbc972d9b09d35329917313027d85

SHA1
3da2a39017bb0dec19a66499438b61f87977a2fa

SHA256
4e4c6e2d9ae1bbcfc88cc1de524199223d01338ed72cc3db799a8fbab28d1f2d

SHA512
2fb9c313bd674f6782e22df78b2b0d288b80978307b82afaee46b1d695ebe8b3f5ab2e7709032c80f6d71aa456d67f424a2e33e7d336999a8fe3d2bc30b2b43d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
745B

MD5
f3320546930c805423b637a997ba9412

SHA1
7223ee2f14188b02777eabaf8bfe70677866198c

SHA256
287b159bfc39063b1e009ab22367e5077534cbb1567e7c11b2a26242ba72d3b4

SHA512
84e1ce2c324f68bfb4d94226a52863ad7b867688ffd4f081335ce0a0ece87190865b754d896089547a45ba4cc129444f2b996e7b57b2866a31f7ab513a729d12

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
27fb328e87cecc30ee8bca1c3314a0f8

SHA1
be6eeab01f26e951580229e0997996d42c257b88

SHA256
a9c6c03c9893df2e14bafddb757a316dbc18016b79db2f3ee2aa6a4b14b361b6

SHA512
45e5638bb290348bf92b3861e612fbd5730c08c24c5956eac5d95aee459e832640cf8f22c2f2f23d064b2425423ab5665957cf6a840148aefa457380c4ea8968

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
01bd172d94dc1d140a475810c7e42fe4

SHA1
22c566619fe3558390b83bd59bd3d852173907ba

SHA256
c3c38b5c5876c19d9ac2f447d2e2035c4a890605bcc6e396c3ac0b7095330525

SHA512
fec932cd7bc6399f9ca10a0717386a67552b9a9fa6f3cd9ee324e4266fa268b3d7d299748edd21de29af066924efd74d20735966d9b00b08c9217ee9ec6aa6da

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
f8127f22409327bc0c4d5ea01bc1b7de

SHA1
65ddc8c2ef36df1fb1a7c01d2a26c2a046c61926

SHA256
ffb94b9e83b2b578a2e82a0e78550ffaed3e374ca28b6d33ba62364c963ceb10

SHA512
4cc025f8273ec19c76f8d187049e5f76649717c0301ccefb1984a69ece47229dff02b8e01dfcaf57becc5c147b587755845ee947ff0527c6bbac30499b7729ac

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
e64b036f03f864f8093d7a313b959858

SHA1
64b75429d95e5be26a009ae0040e45fe14848b6c

SHA256
d2cf97c9bd26e96c2449e8bd624d713ea0d1e8083fde3d522497678d48d671f3

SHA512
d874009e1945e03e3849981ae6cbc5501a2b5f889ed3206c71b971794ad1cff7edb01a9aeb228a58cc17bd2e4d7b483f4898e253a3905d82530c14e0c329c9a8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4fc71acd334edbbd984cd0b6e6407c37

SHA1
8b8976291115c5ab566a8e255a050dbd6486969d

SHA256
e7d6fb3de03fb349415334ff3df236812f94c6e72915387795a72a4d0b934b10

SHA512
4de8d73e74a0d7000d272d7b0a4a3712b7b2818d7c72cc6a1cef02b4826ad1b3304ac7fd8c4c922ed71438943fdff6b4c4f36f6e05173b2cc27b47569f391428

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
8d98791f8a35c712abb253d5ee163417

SHA1
48105229ed4ed00ed6ce183f6932dfb300536ba3

SHA256
6225d0cd0c22bf5ea5fd0b88026bf39cd044ced1f3902dd1ee05b62bcee63b55

SHA512
fe18a5dc5f92563c78bce5652e81fb8429c6b6e46a2f00addf408b6b3f3b2872c72a31c230fdfe2d98010c1bbc6384fa496ffa2a2ca522606b96098d476fcc1f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
806678fd0f69f7919c09915a5fd7c059

SHA1
42470064f64f14eb69872474c831281e8ea8b50b

SHA256
38afe9aaeb816f6aed5f9fe0b003fe2ec944dbc8c608dc7b4006b61cdd12563c

SHA512
b4d2f71d639d94e5eebee9bc33ab3064a804dc2abf073dffb38faa7c4ab62ca15ab57a421dbdf04ced19ede2907e92f3c0fc7cdb3c8b107bf04bc6f415ab8fa9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
c0d1929bff4a779637ec8c6acfb10c0c

SHA1
1344359a2cf4c951adeb528286c5b26d2b4be73b

SHA256
6edf3fc6a7b10928eec688ca5eb7015adb0a61d2b989827917304773f4f10698

SHA512
f89e78c0968150c36ca2cf1b18e337991aac702f29d017985a292114e83967d22c1dac2841e18b9c5c36b2d7bbaf7c8f3b2793cc77e077c9ec2b0d7dff3939e5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
74b2906ad9d667bd3ac06a0815c9a95c

SHA1
2e75f34a0d16288bb2ffced328a6a76b073be75a

SHA256
fe1cc40b758f3a4382f3a4517cfd568b9db49d375e7938fca58985684abff42e

SHA512
2dd8e60f9964996803f029f1995e887b09b299542192729982ca3c6566539ec08fcef9163231d4874c5f6c6ed5595a184ed75b3704e4c17f29e96316ef443d81

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
be2f69d9c39972788e303a56ee19c267

SHA1
e347105171229d1a93c4257900820c80a20382ea

SHA256
869550dff32e64f38f8495edb40fddb6cb8f3922fbd31dc953203873201a787f

SHA512
841b0045bb2334fb83add13750fd74c5dbe871a920b0a60ead7d79462ad2d35bf4f716a5c870e94caec7c76bdb53ad50dde2d6918a8721baad7ac2ab9dbbd475

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
63daae0f715699601dcb5318a038dfd3

SHA1
671a46f0dd3f12e8f5b1d19d63f99aa9ab62c289

SHA256
7b622cfcde5487af45e1e27668fb4805f898c53d93059b74904064d52d519820

SHA512
f119eee5fd761d04734e749d31fb9107f96cbb44ce7f3cf667578a99f2963ea0d27195e8b85eb62f9921892f1833d6d47e1ee9965e2f67cb37b3daa203c40ea0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
9e7c6c30cf501a227d7b8ce8e597ec85

SHA1
5030ea2d328b66c231ea9e8a8b80ac00826a7bfe

SHA256
d4596fae53f56d3f2e7029dc960abd71b829f90ddd1cafe794b4d1e803ba5f9b

SHA512
9cd34299b0fdc63e14259134db31800acf6859c74dd6ea69c73890140d3e8d71f84678b9334a36222533c89d0a2280e3ee9bb6ab3d760094ae6b9a9f81b8a90e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
27d7b62492fa3a4c52064dc80ce4c7a6

SHA1
e77d7424be3a75d6cfb15f08ca38ea9e1a3d4ea4

SHA256
f19105d6ad53f676367dac64450b4d81ccad3d18d5be7fd70effe72ef0feac81

SHA512
9f980e6a962001c83699e52a23fa791e13a48641b1468b6064431a780b40e79c2fcf21319522b7ddc814f68cd07627a42f514de0db27a83fea1239bc90a1cab2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
6d4344cfb044016778e2a00dc966c1b6

SHA1
6d5fbcf84f75a2dc92dde24c46903d1200875b3c

SHA256
c181457444af1e84555dce24acd28e62841f70f40a7e66b96e4fced9c6776a1f

SHA512
61d628811500697ad4c444f6b96c19c7e5fc3eb5cb038e931297a527da9c835983c6022f57cafad54d67bf0bc7a008077d9bc368c7332b694217e4c7d29ef280

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
8a364dcbcfcb5bbec5f881b2c3fd2802

SHA1
a9b0379bee9171fa1fb55c9f875ee0543591db00

SHA256
f257d01b8eb32e902f0e767eab5cedc6244ed0d2249e8f0822bd65b64f552944

SHA512
10595430f15fd7ffea501f3dc6d9b7f8dcdd67ed21f4708b52534e22be6e68bcc02bfdf27793dc0a5782977f6d27c28b2fc36150c8042604b1140c60d0b0c5e7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
533771ff3becff1b41a2ec33ec072d59

SHA1
4db176ab3bca7bb36dda09c0099dfced6dbb3b19

SHA256
a98bd7ff438105313cba73164c29b7a6a61875804b71498fe3844d26a1d5dd17

SHA512
473895e8d793cdff16ad2cd578a6c7b97b657fd1acd196bbba933d690a1d08aa0d9ea0556a3080f7c6f0ffe52e8686946c8af60711dad33b62c3fb71bbbd26fb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ab0e881c2aea951b0659f7661c421053

SHA1
13753712d14b4f7f937b681b7f68ec91517ceb1d

SHA256
c66f5bd7f97aa0a5814fb32f90c165dc3209fac7cb79d5d033ad2cf0f19f8899

SHA512
7d28564c8e17383771b9ec2f784d23038edaca6981479c766bebf0241679cf682791f855145012e0f1556f1adc1b77d422a7bd495d644cf2716ecc317169bf65

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
eee60819d6a8a7297a281637eec14b01

SHA1
ba363dae3ca1a34fa950bd5be3301b880d2dd074

SHA256
9d1e5939841a115fffd115bf0f053903c33eeac20328d1b585e7e0cdeacce905

SHA512
c053a9c89ada2d6ee25c4e61097d5655e01a6d9fbc725d73a583e7fb2ed67ec85bde2b9de3b09ee2cbeb27705d701e6097621703b90840d0a99dd7373171490d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
b8fa8beed9dcc8c2ab0fbc82b6bca54d

SHA1
d0bc9636854a802094bb4369fb576cdb97288405

SHA256
5da128be79dfb4fe6e416fc4734d478bef65d26fff1ddd31e99a6584f970f3d0

SHA512
23a05f59a3bc38f61038682a9947475920a272898f2cfd0ff085e699a7c980cc001aed25f94afd2e0309a834c35fc7d9feb0f74371a090817214c4624d040caf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
718b7b13222ce521fcb9f00a731dcd38

SHA1
c5ddea2b0ba9a8fabdf3addd51705022c3cf1fb1

SHA256
8163ce50762f31ca5947fc91145f632d835f34d4d8efe1a7dc0eb3d181d5d24a

SHA512
51e5a7c1a34a18dfd50ccbf002b9599e0e082c4e0b4e932edff7ca7d4c9e1a14e0fb71ea3af338772dd6959707ef1e51c5eee406b73973aa3ab1ab031c265070

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
66c882b523bac54112dd06446f97070c

SHA1
fd4f2b817c4abacacaf13b1526654d904d4f40c6

SHA256
b836a237d6677f19ca03ace305baa54a58949bf10fe58129aecad72d6b7feee2

SHA512
5deb6865a879bc7bafa4fca9ee03e6760a416ed12f769af340b14ab5ff2f772a7d658324312e9390fe4c5f25400e95f00e5fcca9e0585abd4c9b6a73262f2de6

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\printer_driver\AnyDeskPrintDriver.cat

Filesize
9KB

MD5
6d1663f0754e05a5b181719f2427d20a

SHA1
5affb483e8ca0e73e5b26928a3e47d72dfd1c46e

SHA256
12af5f4e8fc448d02bcfd88a302febe6820a5a497157ef5dca2219c50c1621e3

SHA512
7895f6e35591270bfa9e373b69b55389d250751b56b7ea0d5b10ab770283b8166182c75dca4ebbecdd6e9790dbbfda23130fb4f652545fd39c95619b77195424

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\printer_driver\v4.cab

Filesize
127KB

MD5
5a4f0869298454215cccf8b3230467b3

SHA1
924d99c6bf1351d83b97df87924b482b6711e095

SHA256
5214e8ff8454c715b10b448e496311b4ff18306ecf9cbb99a97eb0076304ce9a

SHA512
0acf25d5666113ce4b39aa4b17ce307bef1a807af208560471a508d1ecadfa667d80f97c191e187b8ea6af02128d55685a4dd0ddc6dd5aabe8b460f6bc727eee

Download Submit
memory/2924-270-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/2924-379-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/2924-281-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/2924-384-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/2924-271-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/2924-274-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/3624-23-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/3624-28-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3624-248-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/4384-522-0x0000000000210000-0x0000000001947000-memory.dmp

Filesize
23.2MB

Download
memory/4384-411-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/4384-594-0x0000000000210000-0x0000000001947000-memory.dmp

Filesize
23.2MB

Download
memory/4384-504-0x0000000000210000-0x0000000001947000-memory.dmp

Filesize
23.2MB

Download
memory/4384-380-0x0000000000210000-0x0000000001947000-memory.dmp

Filesize
23.2MB

Download
memory/4640-500-0x0000000007AE0000-0x0000000007AE1000-memory.dmp

Filesize
4KB

Download
memory/4640-472-0x0000000001D20000-0x0000000001D21000-memory.dmp

Filesize
4KB

Download
memory/4640-520-0x0000000000210000-0x0000000001947000-memory.dmp

Filesize
23.2MB

Download
memory/4640-488-0x0000000005AB0000-0x0000000005AB1000-memory.dmp

Filesize
4KB

Download
memory/4640-499-0x0000000007240000-0x0000000007241000-memory.dmp

Filesize
4KB

Download
memory/4640-489-0x0000000005AC0000-0x0000000005AC1000-memory.dmp

Filesize
4KB

Download
memory/4640-498-0x0000000007890000-0x0000000007891000-memory.dmp

Filesize
4KB

Download
memory/4640-416-0x0000000000210000-0x0000000001947000-memory.dmp

Filesize
23.2MB

Download
memory/4640-468-0x0000000000210000-0x0000000001947000-memory.dmp

Filesize
23.2MB

Download
memory/5004-21-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/5004-34-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

Filesize
4KB

Download
memory/5004-247-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/5004-277-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/5016-235-0x0000000007C70000-0x0000000007C71000-memory.dmp

Filesize
4KB

Download
memory/5016-259-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/5016-93-0x0000000007C60000-0x0000000007C61000-memory.dmp

Filesize
4KB

Download
memory/5016-0-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/5016-251-0x0000000007D90000-0x0000000007D91000-memory.dmp

Filesize
4KB

Download
memory/5016-234-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/5016-275-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/5016-246-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/5016-4-0x0000000002C90000-0x0000000002C91000-memory.dmp

Filesize
4KB

Download
memory/5016-262-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/5016-250-0x0000000007DA0000-0x0000000007DA1000-memory.dmp

Filesize
4KB

Download
memory/5016-18-0x00000000064D0000-0x00000000064D1000-memory.dmp

Filesize
4KB

Download
memory/5016-19-0x00000000064E0000-0x00000000064E1000-memory.dmp

Filesize
4KB

Download
memory/5016-256-0x0000000006610000-0x0000000006611000-memory.dmp

Filesize
4KB

Download
memory/5016-2-0x0000000000CA0000-0x00000000023D7000-memory.dmp

Filesize
23.2MB

Download
memory/5016-90-0x00000000082B0000-0x00000000082B1000-memory.dmp

Filesize
4KB

Download
memory/5016-255-0x0000000006600000-0x0000000006601000-memory.dmp

Filesize
4KB

Download
memory/5016-252-0x00000000065D0000-0x00000000065D1000-memory.dmp

Filesize
4KB

Download
memory/5036-521-0x0000000000210000-0x0000000001947000-memory.dmp

Filesize
23.2MB

Download
memory/5036-505-0x0000000000210000-0x0000000001947000-memory.dmp

Filesize
23.2MB

Download
memory/5036-503-0x0000000000210000-0x0000000001947000-memory.dmp

Filesize
23.2MB

Download
memory/5036-303-0x0000000000210000-0x0000000001947000-memory.dmp

Filesize
23.2MB

Download
memory/5036-593-0x0000000000210000-0x0000000001947000-memory.dmp

Filesize
23.2MB

Download
memory/6052-531-0x0000000001F00000-0x0000000001F01000-memory.dmp

Filesize
4KB

Download
memory/6052-574-0x00000000072E0000-0x00000000072E1000-memory.dmp

Filesize
4KB

Download
memory/6052-591-0x0000000000210000-0x0000000001947000-memory.dmp

Filesize
23.2MB

Download
memory/6052-573-0x0000000007230000-0x0000000007231000-memory.dmp

Filesize
4KB

Download
memory/6052-564-0x0000000005B60000-0x0000000005B61000-memory.dmp

Filesize
4KB

Download
memory/6052-563-0x0000000005B50000-0x0000000005B51000-memory.dmp

Filesize
4KB

Download
memory/6052-525-0x0000000000210000-0x0000000001947000-memory.dmp

Filesize
23.2MB

Download