Analysis Overview
SHA256
0f4bf8506a2560c568b9815124dfc43a11c561ed611829df841ec7aba8302359
Threat Level: Known bad
The file AnyDesk.exe was found to be: Known bad.
Malicious Activity Summary
PrivateLoader
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 12:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 12:27
Reported
2024-05-10 12:30
Platform
win7-20240508-en
Max time kernel
142s
Max time network
146s
Command Line
Signatures
PrivateLoader
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | boot.net.anydesk.com | udp |
| LU | 92.223.88.7:443 | boot.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | relay-d4aa0625.net.anydesk.com | udp |
| GB | 57.128.141.164:443 | relay-d4aa0625.net.anydesk.com | tcp |
Files
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
C:\Users\Admin\AppData\Local\Temp\gcapi.dll
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 12:27
Reported
2024-05-10 12:31
Platform
win10v2004-20240508-en
Max time kernel
142s
Max time network
158s
Command Line
Signatures
PrivateLoader
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1676 wrote to memory of 428 | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe |
| PID 1676 wrote to memory of 428 | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe |
| PID 1676 wrote to memory of 428 | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe |
| PID 1676 wrote to memory of 3408 | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe |
| PID 1676 wrote to memory of 3408 | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe |
| PID 1676 wrote to memory of 3408 | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | boot.net.anydesk.com | udp |
| FR | 57.128.101.75:443 | boot.net.anydesk.com | tcp |
| NL | 23.62.61.163:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 163.61.62.23.in-addr.arpa | udp |
| FR | 57.128.101.75:80 | boot.net.anydesk.com | tcp |
| FR | 57.128.101.75:6568 | boot.net.anydesk.com | tcp |
| FR | 57.128.101.75:443 | boot.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | relay-aeafd8c0.net.anydesk.com | udp |
| GB | 57.128.141.154:443 | relay-aeafd8c0.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | 75.101.128.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.141.128.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
C:\Users\Admin\AppData\Local\Temp\gcapi.dll