Analysis

  • max time kernel
    29s
  • max time network
    28s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    09-05-2024 14:13

General

  • Target

    https://anydesk.com

Score
10/10

Malware Config

Signatures

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 60 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 15 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
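
The three registry signatures above (processor information, system information, physical storage devices) describe the same technique: a sample reads hardware descriptors from the registry and compares them against hypervisor strings before deciding whether to run its payload. The following is an added example, not code from the report or from the analysed binary; it shows which registry locations such a check covers and what an analysis VM gives away. The key paths are the standard Windows ones; the marker list and the two value sets (`SAMPLE_VM`, `SAMPLE_PHYSICAL`) are constructed for the illustration.

```python
"""
Added example (not part of the tria.ge report): what a "checks processor
information in registry" signature actually covers.  The registry paths are
the standard Windows locations; VM_MARKERS and the two sample value sets are
assumptions constructed for this illustration.
"""
import sys

# Registry keys commonly read by sandbox-aware samples (real paths under HKLM).
PROCESSOR_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor\0"
BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"
DISK_ENUM_KEY = r"SYSTEM\CurrentControlSet\Services\Disk\Enum"

# Substrings that betray a hypervisor or analysis VM (assumed, non-exhaustive).
VM_MARKERS = ("vmware", "virtualbox", "vbox", "qemu", "kvm", "hyper-v",
              "virtual", "xen", "bochs", "parallels")


def vm_indicators(values):
    """Return the (name, value) pairs whose text contains a VM marker.

    `values` maps "KEY\\ValueName" -> string, i.e. what a sample gets back
    from RegQueryValueEx.  Pure function so it runs on any OS with captured
    data and can be unit tested.
    """
    hits = []
    for name, text in values.items():
        lowered = str(text).lower()
        if any(marker in lowered for marker in VM_MARKERS):
            hits.append((name, text))
    return hits


def looks_like_sandbox(values):
    """Verdict a sample would reach from these values: any marker hit."""
    return bool(vm_indicators(values))


def read_live_values():
    """Read the same values from the live registry (Windows only).

    Returns {} on non-Windows hosts so the module still imports there.
    """
    if sys.platform != "win32":
        return {}
    import winreg
    wanted = [
        (PROCESSOR_KEY, "ProcessorNameString"),
        (PROCESSOR_KEY, "VendorIdentifier"),
        (BIOS_KEY, "SystemManufacturer"),
        (BIOS_KEY, "SystemProductName"),
        (DISK_ENUM_KEY, "0"),
    ]
    out = {}
    for key, value_name in wanted:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
                out[key + "\\" + value_name] = winreg.QueryValueEx(k, value_name)[0]
        except OSError:
            pass  # value absent on this host; skip rather than fail
    return out


# Constructed sample: what a sample sees inside a typical QEMU-based VM.
SAMPLE_VM = {
    PROCESSOR_KEY + r"\ProcessorNameString": "Intel(R) Core(TM) i7-9700 CPU @ 3.00GHz",
    PROCESSOR_KEY + r"\VendorIdentifier": "GenuineIntel",
    BIOS_KEY + r"\SystemManufacturer": "QEMU",
    BIOS_KEY + r"\SystemProductName": "Standard PC (Q35 + ICH9, 2009)",
    DISK_ENUM_KEY + r"\0": r"SCSI\Disk&Ven_QEMU&Prod_QEMU_HARDDISK\4&2a5b3c1d&0&000000",
}

# Constructed sample: the same values on a physical workstation.
SAMPLE_PHYSICAL = {
    PROCESSOR_KEY + r"\ProcessorNameString": "Intel(R) Core(TM) i7-9700 CPU @ 3.00GHz",
    PROCESSOR_KEY + r"\VendorIdentifier": "GenuineIntel",
    BIOS_KEY + r"\SystemManufacturer": "Dell Inc.",
    BIOS_KEY + r"\SystemProductName": "OptiPlex 7090",
    DISK_ENUM_KEY + r"\0": r"SCSI\Disk&Ven_NVMe&Prod_Samsung_SSD_980\5&1f2e3d4c&0&000000",
}

if __name__ == "__main__":
    live = read_live_values()
    for label, vals in (("constructed VM", SAMPLE_VM),
                        ("constructed physical", SAMPLE_PHYSICAL),
                        ("this host", live)):
        print(f"{label}: sandbox={looks_like_sandbox(vals)} hits={vm_indicators(vals)}")
```

The CPU name itself is rarely the giveaway; the BIOS manufacturer, product name and disk enumeration strings are, which is why hardened analysis images patch those values rather than only the processor key.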

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://anydesk.com
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3552
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcc48bab58,0x7ffcc48bab68,0x7ffcc48bab78
      2⤵
      PID:4160
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:2
      2⤵
      PID:4656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1704 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
      2⤵
      PID:1296
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2136 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
      2⤵
      PID:4764
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:1
      2⤵
      PID:1700
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:1
      2⤵
      PID:4536
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4200 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:1
      2⤵
      PID:3796
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4544 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
      2⤵
      PID:4496
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5172 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
      2⤵
      PID:3348
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
      2⤵
      PID:2864
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5020 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:1
      2⤵
      PID:4776
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
      2⤵
      • NTFS ADS
      PID:980
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5524 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
      2⤵
      PID:3964
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5548 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
      2⤵
      PID:940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
      2⤵
      PID:1220
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
      2⤵
      PID:700
    • C:\Users\Admin\Downloads\AnyDesk.exe
      "C:\Users\Admin\Downloads\AnyDesk.exe"
      2⤵
      • Executes dropped EXE
      • Checks processor information in registry
      PID:3172
      • C:\Users\Admin\Downloads\AnyDesk.exe
        "C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4088
      • C:\Users\Admin\Downloads\AnyDesk.exe
        "C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4332
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:2556
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004F0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3744

Network

MITRE ATT&CK Enterprise v15

Downloads

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

                                    Filesize

                                    199KB

                                    MD5

                                    585ac11a4e8628c13c32de68f89f98d6

                                    SHA1

                                    bcea01f9deb8d6711088cb5c344ebd57997839db

                                    SHA256

                                    d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6

                                    SHA512

                                    76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    984B

                                    MD5

                                    e2e0bd3346da0f0d3a245fc0d5629db8

                                    SHA1

                                    bb2607385a6ba81014842e55058c12250bd6bdf6

                                    SHA256

                                    dcd22010aa1c8c12ed704f12dbd8e84b08b016a8a9e722c8ca9225bdabfe3ef9

                                    SHA512

                                    7c5b3a32ec2a11b2ca5f558f79bb54bc3e4b557b95c57de548da52d097a913db8ff824d371ddd2ada994d8841146ffbb0b948742c928ca06d03b843a8c439fe7

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                    Filesize

                                    1KB

                                    MD5

                                    4e52528e876a90ecda26c110b0a492be

                                    SHA1

                                    43dedbc8856be6649c5963fd0e4fd2ee18b970e4

                                    SHA256

                                    4e80810675791ea158395574eccb4b3e1121cc0f79cc14b1c70b6d9d1a8e51c8

                                    SHA512

                                    0d2ce74c64e29281c082b3be115d0e11c4c1731f6e04f4a49a8556fad82c169e03ff91275e771b648afeead562ec9cb2ae24f17e3eeee3109d4d05b68a84468b

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                    Filesize

                                    2B

                                    MD5

                                    d751713988987e9331980363e24189ce

                                    SHA1

                                    97d170e1550eee4afc0af065b78cda302a97674c

                                    SHA256

                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                    SHA512

                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    2KB

                                    MD5

                                    bc24f60febaf3c9d00f32394bd6371f6

                                    SHA1

                                    3b38db40f34af9dba02ad9dc2eea89612066f06a

                                    SHA256

                                    ab74c2d32b660bb6234212265cd5a26937a057eb584a974fed4d7d2fb74ffaa4

                                    SHA512

                                    dab44ec20c715bbcf61804cf63afc96844f8e7ea383a4e690fde516893953db4b75c202162cc175d3d9afff44bf22b7e3e5e4e880737fcfec2205df96831d438

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                    Filesize

                                    7KB

                                    MD5

                                    4eb80e1b14eed530becce02e0d448a60

                                    SHA1

                                    3b9a459f3f04202a9c46f69b1a544306c376795c

                                    SHA256

                                    d406bba7db2ee3ec8cccf7f34bf5201cd60b0a30ac2bb52325e64828a7f8c6a7

                                    SHA512

                                    032af2f1dea7d4fc66fa861e13c6afb59ac1051b1917314be15f9abe955430d3cc335d7d7e8af992509ab8166af6c817d76e4ef25a851c4a6c68fb3ea0e965e6

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt

                                    Filesize

                                    105B

                                    MD5

                                    e6ca7951783e2360640120731d4ab888

                                    SHA1

                                    34b422272492d8aba32c1a2e5e5d68f7a73e7115

                                    SHA256

                                    ac81d7a3d325deccf227752789a3c8935cfda97dc622eeed42d1dd97f59edaf9

                                    SHA512

                                    5d1e01a15adfd9cd9efe1843fb814f2b103a4b85b957509cf7f25fb1ffa9cab738589786e397c47e2c15ab34a3fef8cdd8f7e009145c0b1ce55118c69f27093a

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt~RFe57befa.TMP

                                    Filesize

                                    112B

                                    MD5

                                    39d969c8616d6636c17c2b5f95f26438

                                    SHA1

                                    0161873c75330b7d2a9142339e716151f2f054c6

                                    SHA256

                                    6328442bad5d366035f2b2f935d90bf8a02ed2c45d47fb7f87eb9f74bb209c3c

                                    SHA512

                                    88b196d0f4e761f1d8c82e41cb6bdd2b692b705d339e1626b74380163877f8e2eb2645c2a1eb89dfd94e80e8faaa3c7ebb92dee0a65869f843323b1c3e7161f0

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                    Filesize

                                    130KB

                                    MD5

                                    7d22df2ac21023faea6dedc64d1e3d44

                                    SHA1

                                    b6b8cc91afd81feb1991205bb4f138ccb6c98ff8

                                    SHA256

                                    81b7d5d682dfaf3f15bd46830a8a45cf25923dea55acf59561deeb9a00ccb90b

                                    SHA512

                                    6d7e744e70ea362f7c0646075c99bbcde61313dd49f5f32b4b6ac355d36377e63d373a2228a229496fd03a9e058a44baa72e20869251bd433191fa69a7a6359d

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

                                    Filesize

                                    10KB

                                    MD5

                                    28963db0bc159a424f1517eb98639385

                                    SHA1

                                    e66796f44a955e5e92c9674c648088c1e939054a

                                    SHA256

                                    e779cb7d2aeb8000c9c35f7b6b595163f02cafa84142ba9df781dceae56a3653

                                    SHA512

                                    0bb69590791da3afbc9435a1eae91014cf7c877247692a088754858d155c0dc3f1a3bbb5c1d153628b6e6f41cb8a24cf97debb0bb6681e5b7e7ce98882ec3f0c

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

                                    Filesize

                                    9KB

                                    MD5

                                    0fca90c3edc01be2e1d8d692cda352d2

                                    SHA1

                                    8f1ea49e08048789b015909a69550da8f9c12460

                                    SHA256

                                    bf69886d8c1a73ebc5ad7c40baca4f33e895a2d413e632600659b6d7d74c2a8f

                                    SHA512

                                    28f44c0dee4e220568425e04f9614505f1b9a56b6646cb155f10d20e72094792ecda9112e8aee8daecc6a8857a1c390b7cedfb4d5d63d1d9a019019e8dcfa7a5

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

                                    Filesize

                                    2KB

                                    MD5

                                    de8abb6b3dc95be4b674af8fd4842428

                                    SHA1

                                    9d3746814d0f8376e5df857feab8c4d6ef7cc2c9

                                    SHA256

                                    201d6e96496b7a8ed0f54198a5d13eeda2628258c6142cbc465c9103220e9020

                                    SHA512

                                    1b2d0e3cd10697d96ec21b10fc28c8ffb0e8ebf0107a751a2435f7ddb61c2bb221dc2c332dae57421386682462029c98875bf7720e3ee59f18ae9727a0ab34aa

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

                                    Filesize

                                    2KB

                                    MD5

                                    681887f04941bf4c9fbd31742cc2d01a

                                    SHA1

                                    a3c34945f2d3cc36bc5641bb7b066e299cc56e51

                                    SHA256

                                    77f2bdb03c1b1fbfe266df15b6054298c1be14de7190e36f251f499b895f7f3b

                                    SHA512

                                    370e53c89d6f679ad4e15900907a65e805ed09b52f1b0172a89400581d5291f85e7ded587e4646c3f290d4c2141dbffea079e3f694749de86dac9d0f121b374e

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

                                    Filesize

                                    312B

                                    MD5

                                    0c04ad1083dc5c7c45e3ee2cd344ae38

                                    SHA1

                                    f1cf190f8ca93000e56d49732e9e827e2554c46f

                                    SHA256

                                    6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

                                    SHA512

                                    6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

                                    Filesize

                                    424B

                                    MD5

                                    6b1ac1eadea4386289c51401ccb10548

                                    SHA1

                                    5dd44185eb48b0744842fe19abbfd75d8d7ff258

                                    SHA256

                                    2a8a075aaf1c62271a790041c9c9ea7b1a4415571b783bed0fa2f3435dba5c70

                                    SHA512

                                    335d0ff7a9b23973a4e75f2d1b38cd7acaf1a46880e62e2f9ed8d5bbd9708ca03dfcc76db28d807616943e1a1689d3099706190e81e6199ed6cf4cb260615169

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

                                    Filesize

                                    701B

                                    MD5

                                    12eb67e12a6b635ca07f082cde65d83e

                                    SHA1

                                    4e1a7537f767caeb1b9b089ffb7bcb873cfe63c7

                                    SHA256

                                    4e8b7d068f4e6c7f527ae288102aef2cc5b77eb3346ead78c10e609338d2d4de

                                    SHA512

                                    d7556dcb1bedafb4677a07f9bd877eb63f47288adfbec19fd35d352ff73432e9ad9b79c06363797d12fa9b92f5ba3c21ca312f79c96d82ce6ed7a35e201e9f56

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

                                    Filesize

                                    822B

                                    MD5

                                    0042f1a25008cfd9d9d809f072fcb34d

                                    SHA1

                                    8201d20a270210794409669ec8e9c42970085661

                                    SHA256

                                    96ae3760333bcbb72d8a6bb9c710a9dcb5b9dbf1f964fb5fd0adb284b99ccae9

                                    SHA512

                                    ab4ce7e27daf506dbafd3cc50c5bec57bf2de0c8bc09de701e563add6bfb3e61518ae4f1c0d1feed5bca78bfc25ea1b3d360302471292620a6409dc149cd35c6

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                    Filesize

                                    1KB

                                    MD5

                                    d24f1c2b0983e0268ea13bb7909c8c0e

                                    SHA1

                                    4dad67c050bf782a12e08184923eee07583dc835

                                    SHA256

                                    71d9ffac27838065ab4beb5e31e79b978886a2a27fd486aa168c67031cf905bf

                                    SHA512

                                    7dee4d23b016e7994161d9baa2c11ce0e8da7a5e8ffa22bfcb76c76de73c895730af9ab178babfafa266101155c03a6885e3d19c599c60b6edcc01b84afcabe8

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                    Filesize

                                    1KB

                                    MD5

                                    25b92c18b401aba4ad5c45a5a7a8eda0

                                    SHA1

                                    de68e8198c1ee1ee904f510990d31f991a36df5a

                                    SHA256

                                    e316346d16a327e0e2c1d1a7034bc46f2b81529b2db99eba7367015dc620fb95

                                    SHA512

                                    9d7aa3631648a94ba29a98354b5286ee012bf5469d05983a77f1ca340aa513c5ce33803671b75478449a783bc676fccd3ac4b5083fd550dc418fe0c77cffc876

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                    Filesize

                                    1KB

                                    MD5

                                    c8bf4476483c32a1098c0b1e6179553f

                                    SHA1

                                    b3746e216c51bd7fdc3c641c894fcf3ea47385f5

                                    SHA256

                                    a9b4c7e50fe1b09b55fc6a9d060212350983924596c832408b9259b3e7942ffc

                                    SHA512

                                    adbc9f9b86af62bb7b4fc8c2343d3880d43e6b11b6c47ff359fc59932f2ef1154f66f04a1a0fd82fb067ef2cea81a04c198b521514c5dd98dad85d4be8081554

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                    Filesize

                                    3KB

                                    MD5

                                    4dc668bb5bb28311c3ae1c343f0f5cb0

                                    SHA1

                                    39f49e2e384669c671ec3c05458f8c3681f15b1f

                                    SHA256

                                    5086710aab02e348b86a1a1b5bd48616cb7d56a342a823340ed7f6e22691c085

                                    SHA512

                                    8d92947fd14faf11695d3f7fd1f8d4cf2d9955a93f84205d9f80d94ea8c1dfe784e257a2c808c3891e841468da082860fd62abc2d50e6240ba740230b243f966

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                    Filesize

                                    3KB

                                    MD5

                                    ef9ff1f395335e04eb38a037dfe291ad

                                    SHA1

                                    5877140fa7aa7be8d59ad11a8a39f4c8de288f80

                                    SHA256

                                    b5e6d5fc0ea37f05c26513df3b22f2cc6676bfbaf10def42dd01a0d35ffba662

                                    SHA512

                                    864a70085f4d3e1d1d8c5dfebaa2de44c626f38632efb7302702d465c7bf548f7347e4296922e53f58e579e4ade15d520e43c1001eed66994900ebc5394e8a44

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                    Filesize

                                    3KB

                                    MD5

                                    fb8ccf89151002fa8c290b2009ea45d2

                                    SHA1

                                    1805342046f585b7ac534706b403ab32e271b5c4

                                    SHA256

                                    99e971e71ac20be133e216ef8e4ed2361e7428a617ca7780449f078fe319599f

                                    SHA512

                                    c4b4cb0de64aa7ea58e51118dfe0247787c7a192c843d2394ba114cc80309e562705dafe92b8c7f894c955726f2bfd0ed74b908137cf66595b35746786766c67

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                    Filesize

                                    3KB

                                    MD5

                                    e690e0fa3c22906cf506eab93916f81c

                                    SHA1

                                    5a6c14dbdb101515ab8c9240eb684c81458531a4

                                    SHA256

                                    bb4e657994b1f468c4366efafde49b86009ce9dbde76c80280a7ddac7316fb6d

                                    SHA512

                                    6ae52a9799b83bd5630c23023cd0d2551302552b92fad76e533ca1ef801cff58457b7f6ef2159b1a3f37157ddbd2634440e16c0157a645dceb8ccbdd0f14a8b3

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                    Filesize

                                    6KB

                                    MD5

                                    d47b3b401b2309703d22a32fc4917aee

                                    SHA1

                                    c72ad98d139baf73280d264ff603c00313b90680

                                    SHA256

                                    4d56e5bc80706c17dba3a9d258aa63616b6dc58c768c5ed5b39c56d1c476d388

                                    SHA512

                                    54d34757749ed47084e26462dd5e95b7d2b2408a5671c81cc875ef4ea8a5fda0d89cf8f751039beb28c966f0c67259e244266bf448476cd199f9f6fe34563077

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                    Filesize

                                    6KB

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf (Filesize 6KB)

                                  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf (Filesize 6KB)

                                  • C:\Users\Admin\Downloads\AnyDesk.exe:Zone.Identifier (Filesize 26B)

                                  • C:\Users\Admin\Downloads\Unconfirmed 776596.crdownload (Filesize 5.1MB)

                                  • C:\Users\Admin\Downloads\gcapi.dll (Filesize 64KB)

                                  • memory/3172-358-0x0000000000780000-0x0000000001EC9000-memory.dmp (Filesize 23.3MB)

                                  • memory/3172-368-0x0000000000780000-0x0000000001EC9000-memory.dmp (Filesize 23.3MB)

                                  • memory/3172-360-0x0000000000784000-0x00000000019BA000-memory.dmp (Filesize 18.2MB)

                                  • memory/3172-627-0x0000000000780000-0x0000000001EC9000-memory.dmp (Filesize 23.3MB)

                                  • memory/4088-370-0x0000000000780000-0x0000000001EC9000-memory.dmp (Filesize 23.3MB)

                                  • memory/4088-628-0x0000000000780000-0x0000000001EC9000-memory.dmp (Filesize 23.3MB)

                                  • memory/4332-378-0x0000000000780000-0x0000000001EC9000-memory.dmp (Filesize 23.3MB)

                                  • memory/4332-629-0x0000000000780000-0x0000000001EC9000-memory.dmp (Filesize 23.3MB)