55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
88s
max time network
171s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-03-2024 13:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 50 IoCs

pid	Process
2640	AnyDesk.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2572	chrome.exe
2572	chrome.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 35 IoCs

description	pid	Process
Token: SeDebugPrivilege	2088	taskmgr.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2612	AnyDesk.exe
2612	AnyDesk.exe
2612	AnyDesk.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2088	taskmgr.exe
2612	AnyDesk.exe
2612	AnyDesk.exe
2612	AnyDesk.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2640	2880	AnyDesk.exe	27
PID 2880 wrote to memory of 2640	2880	AnyDesk.exe	27
PID 2880 wrote to memory of 2640	2880	AnyDesk.exe	27
PID 2880 wrote to memory of 2640	2880	AnyDesk.exe	27
PID 2880 wrote to memory of 2612	2880	AnyDesk.exe	28
PID 2880 wrote to memory of 2612	2880	AnyDesk.exe	28
PID 2880 wrote to memory of 2612	2880	AnyDesk.exe	28
PID 2880 wrote to memory of 2612	2880	AnyDesk.exe	28
PID 2572 wrote to memory of 2520	2572	chrome.exe	30
PID 2572 wrote to memory of 2520	2572	chrome.exe	30
PID 2572 wrote to memory of 2520	2572	chrome.exe	30
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 2284	2572	chrome.exe	35
PID 2572 wrote to memory of 1924	2572	chrome.exe	36
PID 2572 wrote to memory of 1924	2572	chrome.exe	36
PID 2572 wrote to memory of 1924	2572	chrome.exe	36
PID 2572 wrote to memory of 1916	2572	chrome.exe	37
PID 2572 wrote to memory of 1916	2572	chrome.exe	37
PID 2572 wrote to memory of 1916	2572	chrome.exe	37
PID 2572 wrote to memory of 1916	2572	chrome.exe	37
PID 2572 wrote to memory of 1916	2572	chrome.exe	37
PID 2572 wrote to memory of 1916	2572	chrome.exe	37
PID 2572 wrote to memory of 1916	2572	chrome.exe	37
PID 2572 wrote to memory of 1916	2572	chrome.exe	37
PID 2572 wrote to memory of 1916	2572	chrome.exe	37
PID 2572 wrote to memory of 1916	2572	chrome.exe	37
PID 2572 wrote to memory of 1916	2572	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2640
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66a9758,0x7fef66a9768,0x7fef66a9778
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1104 --field-trial-handle=1272,i,470650831500896653,8719372444545253439,131072 /prefetch:2
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1356 --field-trial-handle=1272,i,470650831500896653,8719372444545253439,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1272,i,470650831500896653,8719372444545253439,131072 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2160 --field-trial-handle=1272,i,470650831500896653,8719372444545253439,131072 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2192 --field-trial-handle=1272,i,470650831500896653,8719372444545253439,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2836 --field-trial-handle=1272,i,470650831500896653,8719372444545253439,131072 /prefetch:2
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 --field-trial-handle=1272,i,470650831500896653,8719372444545253439,131072 /prefetch:8
  2⤵
  PID:1472

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2088

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e1b0aec5672f855d27ee5fb69e4685e6

SHA1
73f8ecde7d5089c66ab860a0d1d1fd4e309f79b2

SHA256
3b320415f7f6dfcb3812e3f1897e41639b23a5117eb9de2ada9e3e91aab5fddf

SHA512
5ef42ab419af5695b2e25a2620f5f08bea46b3f27ee4094bf3334a53571e9b697f7cb7e609df35a3797fd9b773ecadf1b23d1115680a51e4cdb9fafadbc8499f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cc4e6688-5b84-4065-a096-d7010b1daa74.tmp

Filesize
4KB

MD5
800ea5751015e0f0003f9b3da256785a

SHA1
b155b26778a3f8e04953ec3f8a1a4a9f48f80cee

SHA256
b0c43f85a579a3935e796f79a9195cc92f98e5380e2bf8eda59d67061ea7717d

SHA512
a0f67152b1ad9c9c79a636b0a688dbea973356bd0950f4c4546c4b18bd899d58b13c2499a8bb64da327f3c16b29de0c9e57ebd606f9be8f20ee22f450a0136e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
8e67d33c402cd05e531d523aaeb447c2

SHA1
91d86cffe8acbc83a64117e5078ffaa16f194fa9

SHA256
a1821472633a1afaea8fcf2f91b259902c3eb7ccd6beb501c90c03f0d62f10db

SHA512
2456b280459891f4263d6e39401db974bbf0e3a0b66148ca0d5a0617472553b93938df698cbb1630359837fb4fe8b53551d53727b57a83a399fc2762e2181ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFf77c63c.TMP

Filesize
129KB

MD5
bd42b401573b50edec763c0e76dd5ba1

SHA1
fc6bb1325e24775f71857fc05eb9d45ccb88118e

SHA256
5f59f40549be91c04accf08f38166e15081154c3585d817ee9d3c623b735a19c

SHA512
93dd9eff343f5bdfdee218008601afe0535559568b41337fa0f0c2146b45045907a55ded45d7ee0ac73f826dcf8cb08d263a6d72fc22c80e98af9be109aa5616

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
1945f727d58d57d41dd379a00817705f

SHA1
3f0f7d0fed5507f830623aae8189aaca47a0ff3a

SHA256
76565bff150d7449073355afefc215b499abc19f02ff64dbb9e5f249b911c6b8

SHA512
ed4661f7fc970c93257c21c99b9cf634cf58f5641f24dd1621a55e9b1fcfdfd4109d7a549d5e7a13bec44dc2d863d8be51193a78ecfad35dec82ae13ae26a34c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
f37db2741f58492a09d976b72e9eb8ab

SHA1
8970452b290d694d0760d8d94c3c5d46f27b19b0

SHA256
7859b0983b233ceaeaacfbecb1e0e4287f9f181785ea83c57f4107957118a497

SHA512
9b40f35cc5aa2b5926cedb5045e4655f127cec1cab052def6ab5071cec8fd3ff4a47c6fe849c5481513e599d12282b54112a9d42bc53e3434dc0cac1e45dc586

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
a932ad3483db064892c1cd87d0d857e4

SHA1
acc5a01689bf53d3baf6bffa62bc2ffb03aac4e9

SHA256
10ef346f6990641ac346ee1409cab8cff716f13862aaac026bf563ba700705fa

SHA512
573aeb4fd3d117b98084921ed118b653ffecfdf6d8017bd07ebaacd31fc924ebe6be41493129bacbb1bdff5a9272488f63bc0e68c0e4bcbf380f7135890be395

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
e516c51036ab4d20a7786323a884df74

SHA1
94d6d5693f462864c1b81cbd7ac77f970fb1b23a

SHA256
009e049e2c466344cc50136c609f2d8a63f7c94e539fa278675e948634a94d4e

SHA512
6dc25ff3745c5e4a72156921d5438148db9a3aed5f2d86ea396392c6e2c44dc630874e2ad5e9e078c961d54ede441c2490686895fbc512cc8caef21f01250db2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
676B

MD5
dded6620dfbb38ca61c73697892d701f

SHA1
45c6a2c840fdf8cd349621164b3acde8ac6b8b45

SHA256
2882cf78f021cbbe4e5eee12399878b260d8c4bc300d3de724c63ca3d647e6f6

SHA512
f944a0f50a9dbe857a5381dc57fe9eefcb32db426b9c2b32c9ef2e828a589cc18c51a97bbcbe85ef4480b3d5bc7c150af0702e1a305fb4d7ecae7399c9fd4175

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
745B

MD5
3891a3109987600d912a6ed176d67977

SHA1
bc73f3a0e16c6eefe5fc69c83a5f5b98a1a39dfe

SHA256
3140b8e2c8e1da943d57ecbb299601aa0bcb42c3d9e7d81f226e7ee038d3a488

SHA512
9432c3790c33a876486a78745fd275fcb303ac0bea0942640a4bb0a66c895d6b66b91021c5827b73b40c5a4df8911355191fc2ef9c424bc43b1f7ba9a453fc31

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
7e312fa9292a6fce41df743deb403cf5

SHA1
5e19de0dd8ce9a218e64cccfa8c61477d4a4476b

SHA256
87f8179473eb49067059d12388ea23183860265ec00cae634c64cc3c4a041da6

SHA512
5e8668d068195658733813c29d8c6c4046faae3aab92138f8aa34de8831926ff973d2d1293f19f696ef5fe89f9c466108af2bd2ab18a0e8407fd149b5eb05bd4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6585774d0db39ed747de05d036a03a02

SHA1
06f8bf51affb5803c892fb418dd8858474412057

SHA256
fe40e8b4c1de6d67ce7b8496b895313305bb9c3ecc5f02d7c2705080a8960259

SHA512
d2815ff53c8337571afd6a5effc8f687e0f0624ea876151f82ae0bc8e07a0fe5357a5b68d89837a0a32f430f1e5dc51702d38981ca93d2b8503101bff51b091b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
41b71dba379c25907a64ec3072968097

SHA1
25d6b7dbe514c36812b52548d62b80b456f03aea

SHA256
90e56afa6cb0b3fd740746e2859e52c319c107ea961559b54e270fd72e073a93

SHA512
c3c4d322d40b9f61c09fa6020185061a2ab640c1ddb8911ddb06856ef5bb361aa16b179a3439afcea3bc8dac555e058be76d4348598ed1cb4e4815df96070bac

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
bea15b521b967eb604ddecfd6afa61c6

SHA1
191cf74b1a8fa1d823a46a6fc0f79c026f3848ac

SHA256
b8bc82c9b694b847d45a1fa3792e52fd9e23a7c2c6ded3deaef53166e45ade64

SHA512
42434801e22ed23245b47b06fa2d445d1a98f0f6f340fb102d68ed91cb38e4455611d5bd3869361f7f1c987e32f2a8131f37f914feed9bc3f4ccc5ea24441cdf

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
c78dd2f17e41775d197235668949be47

SHA1
fb42bd7500cb488f5eda042b26881fdaa1cc4d29

SHA256
e422c2bb9bf04b9caebf9e24705795dec83bd91eaa9a743679b85871e03550c5

SHA512
a9fb12a2aec8709b29c13b38c91276f62c3c8f09a9deb8fba061b82324381b5cfeeb7a1c9788c825272bd46672727213b7334da848077b69b39d28aa1f2b83f8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
200192997c58094058e4fd08a5dc06c3

SHA1
b686b8cfab0cac82b210dd8e9bb1f055f53d9ecc

SHA256
c81b2308320d7c213df91acf6fc2a00bb32889655174a4faaa8cd38db80b534b

SHA512
ab214c0fc22194ed9fb6ddeaadb933d98fb672f9603b71d42c23d2c3e0b9f50996442967c6ca92a216c0cee81074f9a5dccf78f79f69d79462bde16183ef44f6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
64dcc3cfbe2f54b70d27975c025b574a

SHA1
d47bedb5c3b1533d08f34d77db70b95d0928fe47

SHA256
ae414730ecf400f0d37b2dfaeda5a0ccc454fb0fb5493abba4e0d9d34c7a9fb2

SHA512
7449af9f12d12d8b6d0503b3c15ed911ef601251c8e1ff6ae0b86727cdafa4cca560f04ef915fd3de2d4b86d36a740ba6ede69df67b3da2c53f8471877e92314

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
cd69b117f3ed836075a680eb022e24b0

SHA1
e341a24a3e2e7906a06ef6734ce0858a8c81f519

SHA256
76c11d6b08ec21ba516db44bbcd101cfc478ac80a099ec270b4374470d205dbf

SHA512
74c4c7cbab3663d677aa07823add46183195bac981a55413efadd696b8c448a3f45374b5492dc6f5303ea77e0faa2cd13dc451500ea8b240b44cfaa74caa6731

Download Submit
memory/2088-374-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2088-368-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2088-434-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2088-320-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2088-323-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2088-318-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2088-169-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2088-414-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2088-317-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2088-413-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2088-321-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2088-369-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2088-375-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2088-314-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2612-313-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2612-102-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2612-12-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2612-92-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2612-152-0x0000000000400000-0x0000000000401000-memory.dmp

Filesize
4KB

Download
memory/2612-33-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2612-355-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2612-139-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2640-32-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2640-27-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2640-82-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2640-122-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2640-399-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2640-354-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2640-216-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2640-387-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2640-13-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2880-28-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2880-94-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2880-315-0x0000000005010000-0x0000000005011000-memory.dmp

Filesize
4KB

Download
memory/2880-316-0x0000000004860000-0x0000000004861000-memory.dmp

Filesize
4KB

Download
memory/2880-319-0x0000000004870000-0x0000000004871000-memory.dmp

Filesize
4KB

Download
memory/2880-386-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2880-22-0x0000000003A10000-0x0000000003A11000-memory.dmp

Filesize
4KB

Download
memory/2880-4-0x00000000000B0000-0x00000000000B1000-memory.dmp

Filesize
4KB

Download
memory/2880-23-0x0000000000CE0000-0x0000000000CE1000-memory.dmp

Filesize
4KB

Download
memory/2880-1-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2880-322-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2880-0-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download
memory/2880-119-0x0000000000E80000-0x00000000025B7000-memory.dmp

Filesize
23.2MB

Download