Analysis Overview
Threat Level: Known bad
The file https://anydesk.com was found to be: Known bad.
Malicious Activity Summary
PrivateLoader
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Checks processor information in registry
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 14:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 14:13
Reported
2024-05-09 14:14
Platform
win11-20240426-en
Max time kernel
29s
Max time network
28s
Command Line
Signatures
PrivateLoader
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597376370553169" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\AnyDesk.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AnyDesk.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://anydesk.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcc48bab58,0x7ffcc48bab68,0x7ffcc48bab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1704 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2136 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4200 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4544 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004F0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5172 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5020 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5524 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5548 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1820,i,15283492942002959948,8877635790917030385,131072 /prefetch:8
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe"
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | anydesk.com | udp |
| GB | 18.244.114.94:443 | anydesk.com | tcp |
| GB | 18.244.114.94:443 | anydesk.com | tcp |
| DE | 167.235.224.171:443 | ad-wa.anydesk.com | tcp |
| DE | 167.235.224.171:443 | ad-wa.anydesk.com | tcp |
| GB | 142.250.178.3:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 200.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.224.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 104.18.43.31:443 | tracking.g2crowd.com | tcp |
| GB | 142.250.178.3:443 | www.recaptcha.net | udp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| DE | 188.40.104.135:443 | download.anydesk.com | tcp |
| DE | 188.40.104.135:443 | download.anydesk.com | tcp |
| GB | 18.244.114.94:443 | www.anydesk.com | tcp |
| DE | 188.40.104.135:443 | download.anydesk.com | tcp |
| US | 8.8.8.8:53 | scripts.iconnode.com | udp |
| US | 104.16.141.209:443 | js.hs-scripts.com | tcp |
| GB | 18.164.68.77:443 | serve.albacross.com | tcp |
| GB | 108.138.233.123:443 | www.dwin1.com | tcp |
| GB | 18.164.68.12:443 | scripts.iconnode.com | tcp |
| US | 172.64.153.27:443 | js.hs-banner.com | tcp |
| US | 104.16.160.168:443 | js.hs-analytics.net | tcp |
| US | 104.16.75.142:443 | js.usemessages.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.68.164.18.in-addr.arpa | udp |
| GB | 143.204.194.77:443 | lantern.roeyecdn.com | tcp |
| BE | 64.233.167.155:443 | stats.g.doubleclick.net | tcp |
| US | 172.64.153.27:443 | js.hs-banner.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 104.16.117.116:443 | metrics-fe-na1.hubspot.com | tcp |
| US | 104.16.117.116:443 | metrics-fe-na1.hubspot.com | tcp |
| US | 104.17.175.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.175.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.175.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.175.91:443 | static.hsappstatic.net | tcp |
| IE | 63.34.246.158:443 | new-collect.albacross.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 172.64.146.132:443 | 7940397.fs1.hubspotusercontent-na1.net | tcp |
| US | 172.64.146.132:443 | 7940397.fs1.hubspotusercontent-na1.net | tcp |
| LU | 92.223.88.41:443 | boot.net.anydesk.com | tcp |
| GB | 57.128.141.163:443 | relay-ad195ac5.net.anydesk.com | tcp |
| GB | 195.181.165.139:443 | relay-2cf7befd.net.anydesk.com | tcp |
| GB | 18.245.187.59:80 | api.playanext.com | tcp |
Files
\??\pipe\crashpad_3552_FTCCDMUUVJVFMXYJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047
| MD5 | 585ac11a4e8628c13c32de68f89f98d6 |
| SHA1 | bcea01f9deb8d6711088cb5c344ebd57997839db |
| SHA256 | d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6 |
| SHA512 | 76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19 |
C:\Users\Admin\Downloads\Unconfirmed 776596.crdownload
| MD5 | aee6801792d67607f228be8cec8291f9 |
| SHA1 | bf6ba727ff14ca2fddf619f292d56db9d9088066 |
| SHA256 | 1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499 |
| SHA512 | 09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f |
C:\Users\Admin\Downloads\AnyDesk.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7d22df2ac21023faea6dedc64d1e3d44 |
| SHA1 | b6b8cc91afd81feb1991205bb4f138ccb6c98ff8 |
| SHA256 | 81b7d5d682dfaf3f15bd46830a8a45cf25923dea55acf59561deeb9a00ccb90b |
| SHA512 | 6d7e744e70ea362f7c0646075c99bbcde61313dd49f5f32b4b6ac355d36377e63d373a2228a229496fd03a9e058a44baa72e20869251bd433191fa69a7a6359d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4eb80e1b14eed530becce02e0d448a60 |
| SHA1 | 3b9a459f3f04202a9c46f69b1a544306c376795c |
| SHA256 | d406bba7db2ee3ec8cccf7f34bf5201cd60b0a30ac2bb52325e64828a7f8c6a7 |
| SHA512 | 032af2f1dea7d4fc66fa861e13c6afb59ac1051b1917314be15f9abe955430d3cc335d7d7e8af992509ab8166af6c817d76e4ef25a851c4a6c68fb3ea0e965e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bc24f60febaf3c9d00f32394bd6371f6 |
| SHA1 | 3b38db40f34af9dba02ad9dc2eea89612066f06a |
| SHA256 | ab74c2d32b660bb6234212265cd5a26937a057eb584a974fed4d7d2fb74ffaa4 |
| SHA512 | dab44ec20c715bbcf61804cf63afc96844f8e7ea383a4e690fde516893953db4b75c202162cc175d3d9afff44bf22b7e3e5e4e880737fcfec2205df96831d438 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4e52528e876a90ecda26c110b0a492be |
| SHA1 | 43dedbc8856be6649c5963fd0e4fd2ee18b970e4 |
| SHA256 | 4e80810675791ea158395574eccb4b3e1121cc0f79cc14b1c70b6d9d1a8e51c8 |
| SHA512 | 0d2ce74c64e29281c082b3be115d0e11c4c1731f6e04f4a49a8556fad82c169e03ff91275e771b648afeead562ec9cb2ae24f17e3eeee3109d4d05b68a84468b |
memory/3172-360-0x0000000000784000-0x00000000019BA000-memory.dmp
memory/3172-358-0x0000000000780000-0x0000000001EC9000-memory.dmp
memory/3172-368-0x0000000000780000-0x0000000001EC9000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d24f1c2b0983e0268ea13bb7909c8c0e |
| SHA1 | 4dad67c050bf782a12e08184923eee07583dc835 |
| SHA256 | 71d9ffac27838065ab4beb5e31e79b978886a2a27fd486aa168c67031cf905bf |
| SHA512 | 7dee4d23b016e7994161d9baa2c11ce0e8da7a5e8ffa22bfcb76c76de73c895730af9ab178babfafa266101155c03a6885e3d19c599c60b6edcc01b84afcabe8 |
memory/4332-378-0x0000000000780000-0x0000000001EC9000-memory.dmp
memory/4088-370-0x0000000000780000-0x0000000001EC9000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | 0fca90c3edc01be2e1d8d692cda352d2 |
| SHA1 | 8f1ea49e08048789b015909a69550da8f9c12460 |
| SHA256 | bf69886d8c1a73ebc5ad7c40baca4f33e895a2d413e632600659b6d7d74c2a8f |
| SHA512 | 28f44c0dee4e220568425e04f9614505f1b9a56b6646cb155f10d20e72094792ecda9112e8aee8daecc6a8857a1c390b7cedfb4d5d63d1d9a019019e8dcfa7a5 |
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | 28963db0bc159a424f1517eb98639385 |
| SHA1 | e66796f44a955e5e92c9674c648088c1e939054a |
| SHA256 | e779cb7d2aeb8000c9c35f7b6b595163f02cafa84142ba9df781dceae56a3653 |
| SHA512 | 0bb69590791da3afbc9435a1eae91014cf7c877247692a088754858d155c0dc3f1a3bbb5c1d153628b6e6f41cb8a24cf97debb0bb6681e5b7e7ce98882ec3f0c |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 0c04ad1083dc5c7c45e3ee2cd344ae38 |
| SHA1 | f1cf190f8ca93000e56d49732e9e827e2554c46f |
| SHA256 | 6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0 |
| SHA512 | 6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 6b1ac1eadea4386289c51401ccb10548 |
| SHA1 | 5dd44185eb48b0744842fe19abbfd75d8d7ff258 |
| SHA256 | 2a8a075aaf1c62271a790041c9c9ea7b1a4415571b783bed0fa2f3435dba5c70 |
| SHA512 | 335d0ff7a9b23973a4e75f2d1b38cd7acaf1a46880e62e2f9ed8d5bbd9708ca03dfcc76db28d807616943e1a1689d3099706190e81e6199ed6cf4cb260615169 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 25b92c18b401aba4ad5c45a5a7a8eda0 |
| SHA1 | de68e8198c1ee1ee904f510990d31f991a36df5a |
| SHA256 | e316346d16a327e0e2c1d1a7034bc46f2b81529b2db99eba7367015dc620fb95 |
| SHA512 | 9d7aa3631648a94ba29a98354b5286ee012bf5469d05983a77f1ca340aa513c5ce33803671b75478449a783bc676fccd3ac4b5083fd550dc418fe0c77cffc876 |
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
| MD5 | de8abb6b3dc95be4b674af8fd4842428 |
| SHA1 | 9d3746814d0f8376e5df857feab8c4d6ef7cc2c9 |
| SHA256 | 201d6e96496b7a8ed0f54198a5d13eeda2628258c6142cbc465c9103220e9020 |
| SHA512 | 1b2d0e3cd10697d96ec21b10fc28c8ffb0e8ebf0107a751a2435f7ddb61c2bb221dc2c332dae57421386682462029c98875bf7720e3ee59f18ae9727a0ab34aa |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 12eb67e12a6b635ca07f082cde65d83e |
| SHA1 | 4e1a7537f767caeb1b9b089ffb7bcb873cfe63c7 |
| SHA256 | 4e8b7d068f4e6c7f527ae288102aef2cc5b77eb3346ead78c10e609338d2d4de |
| SHA512 | d7556dcb1bedafb4677a07f9bd877eb63f47288adfbec19fd35d352ff73432e9ad9b79c06363797d12fa9b92f5ba3c21ca312f79c96d82ce6ed7a35e201e9f56 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | c8bf4476483c32a1098c0b1e6179553f |
| SHA1 | b3746e216c51bd7fdc3c641c894fcf3ea47385f5 |
| SHA256 | a9b4c7e50fe1b09b55fc6a9d060212350983924596c832408b9259b3e7942ffc |
| SHA512 | adbc9f9b86af62bb7b4fc8c2343d3880d43e6b11b6c47ff359fc59932f2ef1154f66f04a1a0fd82fb067ef2cea81a04c198b521514c5dd98dad85d4be8081554 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 4dc668bb5bb28311c3ae1c343f0f5cb0 |
| SHA1 | 39f49e2e384669c671ec3c05458f8c3681f15b1f |
| SHA256 | 5086710aab02e348b86a1a1b5bd48616cb7d56a342a823340ed7f6e22691c085 |
| SHA512 | 8d92947fd14faf11695d3f7fd1f8d4cf2d9955a93f84205d9f80d94ea8c1dfe784e257a2c808c3891e841468da082860fd62abc2d50e6240ba740230b243f966 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | ef9ff1f395335e04eb38a037dfe291ad |
| SHA1 | 5877140fa7aa7be8d59ad11a8a39f4c8de288f80 |
| SHA256 | b5e6d5fc0ea37f05c26513df3b22f2cc6676bfbaf10def42dd01a0d35ffba662 |
| SHA512 | 864a70085f4d3e1d1d8c5dfebaa2de44c626f38632efb7302702d465c7bf548f7347e4296922e53f58e579e4ade15d520e43c1001eed66994900ebc5394e8a44 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 0042f1a25008cfd9d9d809f072fcb34d |
| SHA1 | 8201d20a270210794409669ec8e9c42970085661 |
| SHA256 | 96ae3760333bcbb72d8a6bb9c710a9dcb5b9dbf1f964fb5fd0adb284b99ccae9 |
| SHA512 | ab4ce7e27daf506dbafd3cc50c5bec57bf2de0c8bc09de701e563add6bfb3e61518ae4f1c0d1feed5bca78bfc25ea1b3d360302471292620a6409dc149cd35c6 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | fb8ccf89151002fa8c290b2009ea45d2 |
| SHA1 | 1805342046f585b7ac534706b403ab32e271b5c4 |
| SHA256 | 99e971e71ac20be133e216ef8e4ed2361e7428a617ca7780449f078fe319599f |
| SHA512 | c4b4cb0de64aa7ea58e51118dfe0247787c7a192c843d2394ba114cc80309e562705dafe92b8c7f894c955726f2bfd0ed74b908137cf66595b35746786766c67 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | e690e0fa3c22906cf506eab93916f81c |
| SHA1 | 5a6c14dbdb101515ab8c9240eb684c81458531a4 |
| SHA256 | bb4e657994b1f468c4366efafde49b86009ce9dbde76c80280a7ddac7316fb6d |
| SHA512 | 6ae52a9799b83bd5630c23023cd0d2551302552b92fad76e533ca1ef801cff58457b7f6ef2159b1a3f37157ddbd2634440e16c0157a645dceb8ccbdd0f14a8b3 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d47b3b401b2309703d22a32fc4917aee |
| SHA1 | c72ad98d139baf73280d264ff603c00313b90680 |
| SHA256 | 4d56e5bc80706c17dba3a9d258aa63616b6dc58c768c5ed5b39c56d1c476d388 |
| SHA512 | 54d34757749ed47084e26462dd5e95b7d2b2408a5671c81cc875ef4ea8a5fda0d89cf8f751039beb28c966f0c67259e244266bf448476cd199f9f6fe34563077 |
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
| MD5 | 681887f04941bf4c9fbd31742cc2d01a |
| SHA1 | a3c34945f2d3cc36bc5641bb7b066e299cc56e51 |
| SHA256 | 77f2bdb03c1b1fbfe266df15b6054298c1be14de7190e36f251f499b895f7f3b |
| SHA512 | 370e53c89d6f679ad4e15900907a65e805ed09b52f1b0172a89400581d5291f85e7ded587e4646c3f290d4c2141dbffea079e3f694749de86dac9d0f121b374e |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 42daa0c3ea6c2ef6144c494fd099e921 |
| SHA1 | 77398a9317aef17953f836a07a526ee61c8610e7 |
| SHA256 | 2e1a56e42f95bc7df0ff4120b5656f3f14146144bd54177d07ef94334b94e481 |
| SHA512 | d7f46fc29d7d6bb68453fc2b9cd79a9dae331e12328bdc86ec5e1306c80a61f700413d0a8de6fc50744a6864876fa744e8a87ffeed1cb2e12b6c1d1ed3a725d4 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 11dc450ce039336547bf8bcd1daf140e |
| SHA1 | 0ab6ec7f0a95b3a513e6a5f0361ee86d823a928c |
| SHA256 | 6cad31a7f44978e9cb4ba604c4f434e05cb5fb647d98e7014838392e2c9af9c7 |
| SHA512 | 97474c637b64f4adcd33a9b9fd5d150fa5abdab6038a39b438dbd4c33fb31f061e35c486872b53acfe92313dee079816824ab5641fab7b1c99996564f288245d |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 0094e0e333323d401d5a60bf59732397 |
| SHA1 | f2f352c610c48d6f92828c35face37edda3bfe3a |
| SHA256 | c31824d9d35e7e7674ec584afbff72f5729334169c764241ee5beea2ce1b1d8e |
| SHA512 | dad9a3d91e3dc909f9a7fa1a6ac6bb24f8b1d51e2707bf2d0f117a68e8a15194effaaa8e171df053cd423152bd9e3b21c191f1d89563b1f63230fb6492a42940 |
C:\Users\Admin\Downloads\gcapi.dll
| MD5 | ecb9969b560eabbf7894b287d110eb4c |
| SHA1 | 783ded8c10cc919402a665c0702d6120405cee5d |
| SHA256 | eb8ba080d7b2b98d9c451fbf3a43634491b1fbb563dbbfbc878cbfd728558ea6 |
| SHA512 | d86faac12f13fcb9570dff01df0ba910946a33eff1c1b1e48fb4b17b0fb61dded6abf018574ac8f3e36b9cf11ec025b2f56bb04dd00084df243e6d9d32770942 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt~RFe57befa.TMP
| MD5 | 39d969c8616d6636c17c2b5f95f26438 |
| SHA1 | 0161873c75330b7d2a9142339e716151f2f054c6 |
| SHA256 | 6328442bad5d366035f2b2f935d90bf8a02ed2c45d47fb7f87eb9f74bb209c3c |
| SHA512 | 88b196d0f4e761f1d8c82e41cb6bdd2b692b705d339e1626b74380163877f8e2eb2645c2a1eb89dfd94e80e8faaa3c7ebb92dee0a65869f843323b1c3e7161f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt
| MD5 | e6ca7951783e2360640120731d4ab888 |
| SHA1 | 34b422272492d8aba32c1a2e5e5d68f7a73e7115 |
| SHA256 | ac81d7a3d325deccf227752789a3c8935cfda97dc622eeed42d1dd97f59edaf9 |
| SHA512 | 5d1e01a15adfd9cd9efe1843fb814f2b103a4b85b957509cf7f25fb1ffa9cab738589786e397c47e2c15ab34a3fef8cdd8f7e009145c0b1ce55118c69f27093a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e2e0bd3346da0f0d3a245fc0d5629db8 |
| SHA1 | bb2607385a6ba81014842e55058c12250bd6bdf6 |
| SHA256 | dcd22010aa1c8c12ed704f12dbd8e84b08b016a8a9e722c8ca9225bdabfe3ef9 |
| SHA512 | 7c5b3a32ec2a11b2ca5f558f79bb54bc3e4b557b95c57de548da52d097a913db8ff824d371ddd2ada994d8841146ffbb0b948742c928ca06d03b843a8c439fe7 |
memory/3172-627-0x0000000000780000-0x0000000001EC9000-memory.dmp
memory/4088-628-0x0000000000780000-0x0000000001EC9000-memory.dmp
memory/4332-629-0x0000000000780000-0x0000000001EC9000-memory.dmp