Analysis

  • max time kernel
    267s
  • max time network
    268s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-06-2024 12:26

General

  • Target

    AnyDesk.exe

  • Size

    5.1MB

  • MD5

    aee6801792d67607f228be8cec8291f9

  • SHA1

    bf6ba727ff14ca2fddf619f292d56db9d9088066

  • SHA256

    1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499

  • SHA512

    09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f

  • SSDEEP

    98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 32 IoCs
  • Suspicious use of SendNotifyMessage 29 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4616
    • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
      "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3344
    • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
      "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
      2⤵
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4840
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1164
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5af8ab58,0x7ffd5af8ab68,0x7ffd5af8ab78
      2⤵
        PID:4248
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:2
        2⤵
          PID:1644
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:8
          2⤵
            PID:2424
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:8
            2⤵
              PID:1564
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
              2⤵
                PID:908
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
                2⤵
                  PID:4108
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3648 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
                  2⤵
                    PID:2668
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4120 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
                    2⤵
                      PID:3492
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:8
                      2⤵
                        PID:1940
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:8
                        2⤵
                          PID:1700
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4600 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
                          2⤵
                            PID:4048
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5084 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
                            2⤵
                              PID:4428
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:8
                              2⤵
                                PID:3364
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:8
                                2⤵
                                  PID:1116
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3276 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:8
                                  2⤵
                                    PID:2396
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4600 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
                                    2⤵
                                      PID:4220
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1956 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
                                      2⤵
                                        PID:4664
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1928 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:2
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:1084
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2328 --field-trial-handle=1940,i,2159766307855383044,10339974179379193277,131072 /prefetch:1
                                        2⤵
                                          PID:3952
                                      • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                        "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                        1⤵
                                          PID:1032

Network

MITRE ATT&CK Enterprise v15

Downloads

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                          Filesize

                                          810B

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                          Filesize

                                          2B

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          7KB

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          7KB

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          335KB

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          291KB

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          257KB

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          257KB

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                          Filesize

                                          91KB

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586d5b.TMP

                                          Filesize

                                          88KB

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                          Filesize

                                          264KB

                                        • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

                                          Filesize

                                          10KB

                                        • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

                                          Filesize

                                          2KB

                                        • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

                                          Filesize

                                          312B

                                        • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

                                          Filesize

                                          424B

                                        • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

                                          Filesize

                                          424B

                                        • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                          Filesize

                                          1KB

                                        • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                          Filesize

                                          1KB

                                        • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                          Filesize

                                          1KB

                                        • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                          Filesize

                                          1KB

                                        • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                          Filesize

                                          1KB

                                        • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                          Filesize

                                          1KB

                                        • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                          Filesize

                                          1KB

                                        • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

                                          Filesize

                                          1KB

                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

                                          Filesize

                                          3KB

                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

                                          Filesize

                                          3KB

                                        • memory/3344-144-0x0000000000CC0000-0x0000000002409000-memory.dmp

                                          Filesize

                                          23.3MB

                                        • memory/3344-80-0x0000000000CC0000-0x0000000002409000-memory.dmp

                                          Filesize

                                          23.3MB

                                        • memory/3344-10-0x0000000000CC0000-0x0000000002409000-memory.dmp

                                          Filesize

                                          23.3MB

                                        • memory/3344-20-0x0000000000CC0000-0x0000000002409000-memory.dmp

                                          Filesize

                                          23.3MB

                                        • memory/3344-166-0x0000000000CC0000-0x0000000002409000-memory.dmp

                                          Filesize

                                          23.3MB

                                        • memory/3344-172-0x0000000000CC0000-0x0000000002409000-memory.dmp

                                          Filesize

                                          23.3MB

                                        • memory/4616-0-0x0000000000CC0000-0x0000000002409000-memory.dmp

                                          Filesize

                                          23.3MB

                                        • memory/4616-79-0x0000000000CC0000-0x0000000002409000-memory.dmp

                                          Filesize

                                          23.3MB

                                        • memory/4616-2-0x0000000000CC4000-0x0000000001EFA000-memory.dmp

                                          Filesize

                                          18.2MB

                                        • memory/4616-128-0x0000000000CC0000-0x0000000002409000-memory.dmp

                                          Filesize

                                          23.3MB

                                        • memory/4616-4-0x0000000000CC0000-0x0000000002409000-memory.dmp

                                          Filesize

                                          23.3MB

                                        • memory/4616-129-0x0000000000CC4000-0x0000000001EFA000-memory.dmp

                                          Filesize

                                          18.2MB

                                        • memory/4840-81-0x0000000000CC0000-0x0000000002409000-memory.dmp

                                          Filesize

                                          23.3MB

                                        • memory/4840-11-0x0000000000CC0000-0x0000000002409000-memory.dmp

                                          Filesize

                                          23.3MB

                                        • memory/4840-170-0x0000000000CC0000-0x0000000002409000-memory.dmp

                                          Filesize

                                          23.3MB