1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499

Analysis

max time kernel
1791s
max time network
1795s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
21-06-2024 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.1MB
MD5

aee6801792d67607f228be8cec8291f9
SHA1

bf6ba727ff14ca2fddf619f292d56db9d9088066
SHA256

1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
SHA512

09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
SSDEEP

98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 17 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnyDesk.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

AnyDesk.exe

pid process

3404 AnyDesk.exe
3404 AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

AnyDesk.exe

pid	process
4996	AnyDesk.exe
4996	AnyDesk.exe
4996	AnyDesk.exe
4996	AnyDesk.exe
4996	AnyDesk.exe
4996	AnyDesk.exe
4996	AnyDesk.exe
4996	AnyDesk.exe
4996	AnyDesk.exe
4996	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AnyDesk.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	4996	AnyDesk.exe
Token: 33	1000	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1000	AUDIODG.EXE
Token: SeDebugPrivilege	4996	AnyDesk.exe

Suspicious use of FindShellTrayWindow 13 IoCs

Processes:

AnyDesk.exe

pid	process
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe

Suspicious use of SendNotifyMessage 13 IoCs

Processes:

AnyDesk.exe

pid	process
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe
3404	AnyDesk.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

pid process

4936 AnyDesk.exe
4936 AnyDesk.exe
1600 AnyDesk.exe
1600 AnyDesk.exe

pid	process
4936	AnyDesk.exe
4936	AnyDesk.exe
1600	AnyDesk.exe
1600	AnyDesk.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

AnyDesk.exe

description	pid	process	target process
PID 3128 wrote to memory of 4996	3128	AnyDesk.exe	AnyDesk.exe
PID 3128 wrote to memory of 4996	3128	AnyDesk.exe	AnyDesk.exe
PID 3128 wrote to memory of 4996	3128	AnyDesk.exe	AnyDesk.exe
PID 3128 wrote to memory of 3404	3128	AnyDesk.exe	AnyDesk.exe
PID 3128 wrote to memory of 3404	3128	AnyDesk.exe	AnyDesk.exe
PID 3128 wrote to memory of 3404	3128	AnyDesk.exe	AnyDesk.exe

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:3128
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4996
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - Suspicious use of SetWindowsHookEx
    PID:4936
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - Suspicious use of SetWindowsHookEx
    PID:1600
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3404

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x528 0x524
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
b45da3758d77f33954234d8affddf215

SHA1
8f175c6fe1e2717f6e9cb96605d926a8a893c9e9

SHA256
74538e243c5e104dabe8c2b6ae3a69ac4e45c2408d26330f55487f6859f292fc

SHA512
22aeb00d25aa1c2c5fb48f37b7648365e102ef1b486a5b3f25241e045e0314cbe12c498a6d32f7a11997f2689a66dbe09a1df3f046cb1a8f9191f9663a008de1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
37KB

MD5
0eab16af0b435b0253fd29285ccee5f1

SHA1
8ff0f0bdf34c0282b43ba03ae8589325120db3c7

SHA256
b95bb3e9c8a29f429b12432fd29106b57e4236755c5b5eb9d58bf8ff4d60a72b

SHA512
488d2a905b876b8aa5c9a978429e752d82c77c210ef2c4c21da492b7c6b0493406c2a925d3b07f6dbb427816998fc9fdcfca0df81f78dd5d29ee1578c4e11928

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
74KB

MD5
d3a27a52a853558c6e9b71e87073127a

SHA1
0b4e91515412eacb0598e41a23f2bbbb341b9ad0

SHA256
53f07dac74c5a5b485d2836da2da80d7d8d22d5a36a013183dc8d6beff93a39c

SHA512
d88f8b3f394da3883121e2ce9a6a5b4ea4fafc4b8d684569bc4bfdce17bbadd7a150a60cfdf84ed245efe393765899a866d7e7fac70cc9e612fc1c0876edfb7f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
95dbcd14b3a8f0653ae2b8f75eeb9a99

SHA1
959e2a3e369ffccd6c152a9847971c3768739cdd

SHA256
75493b3d1378dcbb67badfe4569ba92d1a9f0d26f705ef2f643172f66330f736

SHA512
5591ff1292cbdb0b738a780c7d43e588be6b48c766163c47231f279d0f1c9df91f08d0c98b4ee91b3e3f7fc98b038692836526086c33b2d41c5dd6281aec48b6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
8a2042f00aedc38886db880b78d669ce

SHA1
959987a7996e519e5cd181ea8c6a35431beae202

SHA256
76d8d4e673dd22fd0481b57650708eddf7b61f36c6ee0ff0d0e80316e6343222

SHA512
712702f13c8333122533b0c4c0ee7009e2b72266db19bddfec9251441aefca2eebbe32cdb27d4705424602fa5f92328d91c097b275996e69b3331de1f6a4c1bf

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
a29f02fe0576b464efa2a6b77ac7fbdd

SHA1
2a2bcc18892c32832aee30895b1798cf0300a2db

SHA256
d16378bf627b84a1b1ea57c2d9c93336620c1b014e8c21a71592bb9c7580b7fc

SHA512
1d7113467701eb3c0a7050300c5b4af1ba9e5a6c38bad8193ee056013d7407e2e503e6423e3d2f4e0972d6bf3abd2f66578975791ebd70e5918182c42b074684

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
632B

MD5
ad0449ebb7cac9afc4c9f80d9c726bdb

SHA1
a631190e7d2fd009fdee71c5cdfc89ec1496be04

SHA256
aa16b6a702c03759340ccc2dac405c77f02fae7c8401e91813b34998bb844a21

SHA512
7f65db9836bad544b1ab039ce07312ac908d4e3524de7a2b27a0b74a0effec8d42e0d36459ed98184aa662e6d78d2390cc8f26b684fc7a6ce743d8eedc9c4d44

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
758B

MD5
4b6c319317857c35ef00bc85ff644cf5

SHA1
223f4a672b17c5b83382fb6f7e820440efa21e46

SHA256
1ce0afbd41bb37c9fced1eb48413b9c3aa133dbe67e23cdc1e14dd8c4d22e615

SHA512
53f61643742403b6e88ef25c0fd4a920ce31674fe93067fe57f6696e0cf80b3943f782e059c5a0afe0794df3f3d1f7dfc38f86a5c2540a78662b9e25a79da42c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
03bb5f6b9aeef548c48fa462bc07c9f5

SHA1
7da94f2014f7eae99a4f54622570409a58b7056b

SHA256
1c8ec4ce637e558a45149149ff6d4fe696dd63b6ac042c57a17ec3695bcec1fa

SHA512
34e91f44134bac21eea6635cddbbc0ae7e750752a531f2560d1755457200665a48d73f687449f86017f26bba93d1b1df48a5e3bcf2365a4daf8f3507e06b332c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
7a5f3fa22191c2fefb623dde27165371

SHA1
f14aa1f503144969b4efcc50f59bcecbf26ed5e5

SHA256
2794f2585aa42e73af434e3f0a118676f0f3a69792850099f2c93d52f83842a4

SHA512
51fb7a3094c60f75df5ed2688b67f165971ddcc344378015ea2a68c575666cdad2de241214f9490c4df32b459ecc624b5b117cbf5de5500a93a0c49b0131f1e2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
f83e494bbb40a57c31e59206a58f2bc2

SHA1
641d8dc21d8b583c81b5bb6b5aaee244e90d9288

SHA256
73ea055418b7e0717fc5c08e7dd5f639002df65e3ea2928349fbc025cd5dd4f6

SHA512
a36baf44f0c17bfe87d8cf90ac5c3928ed6b3f53450ee574e14196f0f246bf7bdb65558b5e5ceae0fb614beb7790bd36662f0402d202b97284dec5e35fb94e95

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
27dd992107dd528fb103dc40aa76cc41

SHA1
dd63f1f3d8f17b8a9c246c143416178b96846576

SHA256
e5cc6e9a2d03772320a324bf5f2c4970df67f85264c2f4206d9fde62ad916b4c

SHA512
052e520e054285fbe804b8dae9ce91ab2d1e7a8c78e58d63cdbca166f2a3c59189e6f1bfcae2aef3c3c66899247103d7c5733d992ce416a68969fd31bb49c636

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
4ba0af671a4ad9d4ebf503529b087c47

SHA1
7ec09abadc087eb42e0ee5c63c4ec4158120ef0a

SHA256
66668ddd39604e9573a6308cb48752639bb1cae2df7ce907fa475c49793674a6

SHA512
419c2d6cb7b7500f774217aaf559cd723c131be188501858870118f96291d6761507974f0c05edf5ca87e212b140ba0b95f29b369286cc2e07871e12b7103aec

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
fda73f7adc99b2e64c2bd315779e0b84

SHA1
eb766fa6992ade9026b1774b97920231cc1da16c

SHA256
25cb671259b202f242772913009903daeaf282e571fa2c5eb23fa8229a908127

SHA512
b72cb06619198e03b5500e22da2e0a212a76805a417de60808e8283b0d294b738e7f27e869d460c4cab69652ebe03ae33509625609ba331184aaa25b90df7b70

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
b748e299a3fe22e6a9dd22d7e30e49c0

SHA1
52f5baa9ab06506752570aeff7ec3776fecc678b

SHA256
afad7923d2abd8f52acb6125920a4b6850665d528013b9ca98657625f2156601

SHA512
0424f38be8681e0689b8e967528cd460a3924f7be420163ae060cf67db5a8f06ce3bdf920b36376716e8287c54b021cd28bbb3c620a7a9efece6224fa8b29ef0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
fb7b1cbb6740016ed33da6c1f374f2c5

SHA1
5a9ec608dba6fa4425c2b33e83ae6c7d10b1c4bd

SHA256
0c25149356cbb9db14a836f20845496c9f0878ca31ddf5f3e2b2425f0293efb2

SHA512
17616bfa49bcc3caf6258f3c476ea418b9076ade937864fea4be3d58e5bb8059d05820adc4d59c4c71d5bb30d3a2c81343e40394f68f70c43b79e663a93afa84

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
c907952cc4998b4869b337127504f553

SHA1
a15ca5e3a1ac1d330ed30d31cbd1d4c8c4ed8dfe

SHA256
1dae490a71fb1d3099b7aa0382b191d501b30351cf12c3c8f8c313bdc9163ee9

SHA512
aea600333cad8d6504034889c02d147790f164b3d1a26a44f47d51de3eec2a08cd0edf05166426b3c47f50d9a03cf7beeb3e466adb3f46a613d43a9620f54c5b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
0368cdc111bd03bb8bdf9eafafd78fa4

SHA1
6472dc4f39ddba92ed79165de253a4784d776e12

SHA256
51b5f196b93deb6954fb05b385f9c4e422800d0f48078f740db74b7e6cea0105

SHA512
55d904cc361ecd3f1d62c59581243c0dbd2f0a9ec1cdae893b17a5205d7d4e5ee3771319efecceb08b000e1925069c61ef63308f5e2a6c326e2d194c6599eb33

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
f628ea2e5b1eadbb7874e1829721540d

SHA1
26c7027ba88a9c3d22030d082c61dcfff40d1070

SHA256
6a29e809149cd468ba34c3f524f3f912eabcf2201ffe6b8a9e50fd29c45c3bd5

SHA512
3451078860f145edb0905327eef27d706284cfe7cb19f6bfd637c9b9be7bfbb6089221652ba269232bf40e16ca7886fb8ae0166161abff50caa586dc95df48f9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
89aa344dba62c4f311ec9637a7875c9d

SHA1
e2d2b83294e312e81d249f7db0413086ab13bcf2

SHA256
9fb355707e99aca9cf86947ab9d34d8582770ceed9c713b93bf1a126cb755f72

SHA512
6dd287e0d3fe6f195aeef0a4f9ebd6d90470840e7ce497aa8b618924dc825b2e665da937802824c0dc6dce2d1bdf2ac0ffc5ad51b99056e73ecb8884b0d4a25b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
2cf27d9cac5f95324f5dc8bf16630783

SHA1
879b75368cbd58b8d6fbb6eed916481526789d33

SHA256
20ce04f8e98e42665ee647e76d9a01461da431f3041b3145512338a00bf52e43

SHA512
03b2da7cfe7a1be2f6aff4ea5d33851a0053977119a48975a0ca3ea8f108331c8cef91b531f4926468c069be2497c08227f681ba5104004853b79c3b6e8551f7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
6bd0032e1805dc9d28676b59191f17db

SHA1
dfa27970947c06a308a3a47be180121fb8fbc9b9

SHA256
d65972a311f63622ddd9bfd9bedc295e4563f677e8e4c563809237eef28c79f1

SHA512
484604702f916088fb99c9b3868c67b3a70e25849fac264c1a2bfcb8bb6a15607118ad105ff7aa88959cfe9dc154a6a4ee29f689ebd6ac6571745e8ec7d7b3ae

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
68ac461165f1b6f464cc018071742a5b

SHA1
d52493b54b01b9c51457620a03af65d72bbb800e

SHA256
76f2478abb65ecfd95034c84c6c5c83fc5fda13d402538fa1b8900bfdbb0a7d0

SHA512
02d30069ef6d1025fe026a96d501c1416df45ec739390087792b17650c1f032c29f55c703625411c82268fcc52f3b5c8536c59a37110bcf5a083c1fcfb140732

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
4ead24bb78d11ea53cdd1a89d1af35df

SHA1
878f639b13e61c36d99f25afb12e698ed85f11c5

SHA256
98509b2953459df72f34a2117a025f7f32f2874022aed2fb36b04fd1c1d325eb

SHA512
e4e1a93e66725f73d8c4ef535121b97b6c07dd4f92552e089701a099a647bb11946dfbf6730100b0450d7f62db6a9414975c9922ce02ea39580c30a2cbdfd5cd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
e18ff972465e1dd68f413f09fca216dd

SHA1
47a8c74be775820118dab3eab94e3d78e48b3961

SHA256
ee197c7dfb2e0d42b4dc51ab8dfc25807374c07b5f0105e099c945baf501dfdc

SHA512
2cc0d0e4ae42300fb71e9a35b1ce53acd7132de981a632c403214fe0417e790576d357506b760afe5eb4160a0825db2fb18dc78f135b1556899ea85a44b3d81c

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

Filesize
1024KB

MD5
5120931921bffd1031ce80023e6bacca

SHA1
14f04720e68c9feb3c9bedfaaf2b44e33994f358

SHA256
766cec83331fb9a964881dba8a4d6f764e7fbb05f73d1f6ba73257ec9bfc8312

SHA512
ccd7bd8e8eaa6afba4caf95056d29ec4716aa7870384da4b56c81a2ecfc378bb106677d0bec937adf9cd43502f746090b82f2e3bd5b6ae3cc3aa0b553fa52df3

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
14bda2f1ac3ff6639c3c240fbfca881a

SHA1
5850f40a49e51fccfd4c45fc251b6e76d1d91d44

SHA256
13530fe3ccbf7c3e7e3f57932e2d86174041250362f350f87f9ebcc1a8a16eeb

SHA512
f2ccbb9706ae08e591c2dbd21c5c5bd289ca3772be1dc7bf970bac6fc31dd5aa283d66425cd1ce04d01a80ac9f50e1315f0700878fd35387bc97dd791c9b7993

Download Submit
C:\Windows\TEMP\My Wallpaper.jpg

Filesize
24KB

MD5
d198aa071941d09e7ede35d9c5f4d116

SHA1
2bcb43634aee949c801e4d5c18d300b876555b57

SHA256
8cb99f2265a7a8d0290a7669c1edff338c8105faaa02c831ddf6e78ed699755b

SHA512
ff6aae991ce6e25008d9b9e55fcf328295428d914fbea2fefb8465233245389647eddaddb7ca2c48def8458eff96704ee3e585c5d3fd0c293a53bac48d52dc77

Download Submit
memory/1600-290-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/1600-315-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/1600-308-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/3128-229-0x0000000000F24000-0x000000000215A000-memory.dmp

Filesize
18.2MB

Download
memory/3128-7-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/3128-2-0x0000000000F24000-0x000000000215A000-memory.dmp

Filesize
18.2MB

Download
memory/3128-0-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/3128-223-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/3404-12-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/3404-307-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/3404-225-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/3404-289-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/4936-231-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/4936-286-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/4996-224-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/4996-306-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/4996-10-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/4996-235-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/4996-311-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/4996-321-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/4996-325-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/4996-329-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download
memory/4996-288-0x0000000000F20000-0x0000000002669000-memory.dmp

Filesize
23.3MB

Download