1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499

Analysis

max time kernel
600s
max time network
597s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
27-06-2024 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk (2).exe
Size

5.1MB
MD5

aee6801792d67607f228be8cec8291f9
SHA1

bf6ba727ff14ca2fddf619f292d56db9d9088066
SHA256

1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
SHA512

09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
SSDEEP

98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnyDesk (2).exeAnyDesk (2).exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk (2).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk (2).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk (2).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk (2).exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

AnyDesk (2).exe

pid process

2188 AnyDesk (2).exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

AnyDesk (2).exeAnyDesk (2).exeAnyDesk (2).exe

pid process

4900 AnyDesk (2).exe
4900 AnyDesk (2).exe
4904 AnyDesk (2).exe
4904 AnyDesk (2).exe
2188 AnyDesk (2).exe
2188 AnyDesk (2).exe

pid	process
2188	AnyDesk (2).exe

pid	process
4900	AnyDesk (2).exe
4900	AnyDesk (2).exe
4904	AnyDesk (2).exe
4904	AnyDesk (2).exe
2188	AnyDesk (2).exe
2188	AnyDesk (2).exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXEAnyDesk (2).exe

description	pid	process
Token: 33	3916	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3916	AUDIODG.EXE
Token: 33	3128	AnyDesk (2).exe
Token: SeIncBasePriorityPrivilege	3128	AnyDesk (2).exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

AnyDesk (2).exe

pid process

2188 AnyDesk (2).exe
2188 AnyDesk (2).exe
2188 AnyDesk (2).exe
2188 AnyDesk (2).exe
2188 AnyDesk (2).exe
2188 AnyDesk (2).exe
2188 AnyDesk (2).exe
Suspicious use of SendNotifyMessage 7 IoCs

Processes:

AnyDesk (2).exe

pid process

2188 AnyDesk (2).exe
2188 AnyDesk (2).exe
2188 AnyDesk (2).exe
2188 AnyDesk (2).exe
2188 AnyDesk (2).exe
2188 AnyDesk (2).exe
2188 AnyDesk (2).exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

AnyDesk (2).exeAnyDesk (2).exe

pid process

4904 AnyDesk (2).exe
3128 AnyDesk (2).exe

pid	process
2188	AnyDesk (2).exe
2188	AnyDesk (2).exe
2188	AnyDesk (2).exe
2188	AnyDesk (2).exe
2188	AnyDesk (2).exe
2188	AnyDesk (2).exe
2188	AnyDesk (2).exe

pid	process
2188	AnyDesk (2).exe
2188	AnyDesk (2).exe
2188	AnyDesk (2).exe
2188	AnyDesk (2).exe
2188	AnyDesk (2).exe
2188	AnyDesk (2).exe
2188	AnyDesk (2).exe

pid	process
4904	AnyDesk (2).exe
3128	AnyDesk (2).exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

AnyDesk (2).exeAnyDesk (2).exe

description	pid	process	target process
PID 4904 wrote to memory of 4900	4904	AnyDesk (2).exe	AnyDesk (2).exe
PID 4904 wrote to memory of 4900	4904	AnyDesk (2).exe	AnyDesk (2).exe
PID 4904 wrote to memory of 4900	4904	AnyDesk (2).exe	AnyDesk (2).exe
PID 4904 wrote to memory of 2188	4904	AnyDesk (2).exe	AnyDesk (2).exe
PID 4904 wrote to memory of 2188	4904	AnyDesk (2).exe	AnyDesk (2).exe
PID 4904 wrote to memory of 2188	4904	AnyDesk (2).exe	AnyDesk (2).exe
PID 2188 wrote to memory of 3128	2188	AnyDesk (2).exe	AnyDesk (2).exe
PID 2188 wrote to memory of 3128	2188	AnyDesk (2).exe	AnyDesk (2).exe
PID 2188 wrote to memory of 3128	2188	AnyDesk (2).exe	AnyDesk (2).exe

C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4904

C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe" --local-service
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4900

C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe" --local-control
2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2188

C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe" 1439033379 --accept-invitation a77799b0bee770b2a58c157f3110069c
3⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3128

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3b4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll
Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
Filesize
6KB

MD5
dc9841e643c31cc1c036cc444d24c4bc

SHA1
ead39eaf8f0f54df70733aa5ff441ba339b2031c

SHA256
9dd14dcad827f73912dafeaafb4cce6ba5126fe356afd0f65f6f135810994f0a

SHA512
452140d04793811c3a7bc0cd5cf2951faacb13d5eb1bbdfa8254c6e1efc562441d3c2179d9adf71ce8b5f333a51a2f47d543539cc1b17dd04d643161d785d99d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
Filesize
10KB

MD5
e364a3714fb8c853782faef7f77aacf3

SHA1
3017b521e3a524d145d2c737d58d7799e0c0f0d4

SHA256
0dab83d58c6f2b7629a7d4b7e397283d496758547174df7b88efd216897d7322

SHA512
f5f6ecf8ae5c76015be03bad49dd3cac99e220186ac160ff353e1698ea196101c5b625e4ae6b43a87c1d57c34444cacc623338f2199eb19f2cce7440b82106fd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
Filesize
42KB

MD5
bf99faab7bd615852bdd7a4e7f4085ec

SHA1
2e7b4cedcff32c0ac33e6cbe10d00a947820c559

SHA256
9e404254a33a493fe33078e264ee397c42ec0ab604f50aa5847d2a8e2af05d12

SHA512
ec3b51b0c835d208fd4c8af77e3d9ef67df2790d9bea20f7b10c4572511632e559dd085ad383c3b0af6ed9ae636b9658d323e2ccd8184c058b97d94ae5f70466

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
Filesize
2KB

MD5
88199c5454d9e888e2fd64c6c26d1459

SHA1
66b1eedcc0d94573aa361308fe1b6a038cd6990b

SHA256
abbf204c916da9d471ef3a4d28759df01fa867aa36e50c980b6c9a88c6c6d409

SHA512
4da7fb0c25c93dcc8e1c10b717c45b7da0bd76bd95b8912eb3582b80ec0cfd1b6bbc147dcb9be84fc133c5fc976e174d9683580bfd8e32e042c311b08880882d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
Filesize
2KB

MD5
adc75c591171c4f2a122c77e4828f294

SHA1
a97dccfdd001700975eb4c5676d83fc9056fab4d

SHA256
8acb6f62ab07bc274d49eacd968982df51b478854f330ed85d40e83a04b53a32

SHA512
e2e4de57c6eca0c12b89ba2db4f5c60ba8f3f197dfc7d0219c1448beec40a9fe1b7f65641a60f43bb3f77efe5be138c3863a460b1fa922923c7ad41ffece66d6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
Filesize
701B

MD5
774bc50e6dc7dc841118e7a52b646174

SHA1
37f5013146c04dc45281e0544420e80cbb8edf02

SHA256
956c3580379d91f52f426032c2d0da4c0c0565c24aee6d4afd2da89cc9c32a9e

SHA512
4c806146a4926b697f2e18f40ff5b2e528144355ff35a7d465e1eaa19df3b046a6df71ef649597e67c65efb80f48144fd53654fe6244df322f22744290e7d658

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
Filesize
758B

MD5
7613fdc2f4412fffc1b35d70767feb07

SHA1
f3b585a1ae8c053b8561449ffe87ab1a1b80bbf0

SHA256
6ed06eff7b4a08bdc2b453caab3e712816b96034db11e83b7913399d312487c2

SHA512
bbff5e84316f090d4439c4415f9aa942195f83a2945e956ea1c79ed4f974f7ccbcda014771418be6ef3a39394fff83be8095323fadb6e5c53419d3e1c4a49b9f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
Filesize
424B

MD5
b06c8617ea89468dc8fd212ae8772d84

SHA1
3bd0e76d288a13d7e658a075fc710ca184daa8ed

SHA256
383a208876fab3da69124e1a3321da8684bef697675bb8c7991eda57f1161d9c

SHA512
bf526d253a850a76b92a32f0df16c04c34ea247d8a0cb572bc9ce7baecb91afa73c2fbeaa2b2617a5fab67d0c760c9e73faa9220bbc8dd5fd696a0f4bb750aee

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
Filesize
424B

MD5
7f5299273b61d547c3035f842ee706f7

SHA1
bf8773b585d318eb3e57b9e0a42ce5529fb8c120

SHA256
107ee8b56376aadd818f7a4b36d09ee0987257dafef54d0180bf028c434720a8

SHA512
6c1cfe33091ee05d60d44dc8f46c0e9bc7289110c0e673fd2c1b06ec88632af3ce26404adb504721dba90b006d165dc9563cb956df869f78e7ee330ef9dec86c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\thumbnails\df003a9ba74f50a5.png
Filesize
18KB

MD5
7f6c66684d085e826353e6d4d3c7cdc6

SHA1
a5cab0adb6edb38bf5692ea0490324c945256d58

SHA256
b41d5c2be8fc3cafe238ef4459e6621d729ab2786045db15450e7d56dacacc4a

SHA512
7c69bbe448c9da5589ce6eef887246d4a4edac7c48ea6875f1af7c98b227bce4e1493a39cb29675095be257e80beec5b4e2dcd404d792cedb7d0f54b5274bff1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
2KB

MD5
e97a56b8d3d159578bebe453facfa7f2

SHA1
a2effa591f2351547a2bcc75a1b7ebff53054d2e

SHA256
9fdb296984d22d70d890e8fe35f050ac2674088ef2d17a4b75b5e55e481d7034

SHA512
4f7584db8bec51282d1b36c388ea42306c7441a9b1c07032d45eedcee8e651d7105c087b2e17d8c29775e505db6ecf642c393c398addd6a677326abb787830c6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
2KB

MD5
0661af51c926ea0518288089fac4efbe

SHA1
0f7b0830a7aab285b98fee0b4c22063ea3e36d4b

SHA256
dd84ddbedee54abc75175f650dca877d0245dbbf590a7ac0a7aab8f4471329b2

SHA512
00ad5488fb0f2681f264734806bb7dce07b96f19fc8c1fe1bf1b0b50ab8a6a783ee45fc420933afcb0a87464aa20e2e5237633bf559e7dca13e1b380a457af7b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
3KB

MD5
cda641a7f473cafde599ea78dc447bb3

SHA1
2084932ca3588fc6705350817f9013c824b9c6da

SHA256
376f5234010c02ba8c479dd025ab6285d8bd2e17807b091ba63ea437393a3bbc

SHA512
09a5efe8f65a9ed4470132d1ff4bed2533b584764a1823d9f984d5f4ffc74e1cb6305b4ec1484ccaef8e71a59d884a02343ae5e3848d1d68fbbd77025e9b8c86

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
3KB

MD5
8cdd041adff3bff8e3586256077067fc

SHA1
13c9a897b14e5031345a22fb2d719235072e1678

SHA256
ae4967443c2fa2c2d16414f9134a45757b840809cfecd6f24f91d400e7da32f1

SHA512
b85ba0584ac110ea46eaa799e873531b06cff04f9070659e059f8111759547d6963cb75a9c172a7470cf42e817398c879a5e3f51f9cb3096295f54082d9dbac5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
3KB

MD5
03af5293a958a06d4cdea34cf67546ce

SHA1
0411f759df0489b634571ca8589f0c7bcfb43371

SHA256
5a7fdd8ab760fe711341eacafb82fedcd113df6240c6ac3ed9afd57a107aa58a

SHA512
3c9af1c5bd12f9a6987e703b89d535fa654ccc60c10b91ce26450e1e98d8121980f910af66ccaf7804f4b7d6eb1d290051c20a46947341d94f7400167212fd68

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
6KB

MD5
e3704461be87251e1220c35e57a60d36

SHA1
a4f19cbfe44562c1c92b792eff90e0de06f39f11

SHA256
7f6b5a51f769a286f90b1dd584845218dac6818a372dad8df439039d81c2ba45

SHA512
02ccbddf01516d9ee060f027fa461fa93cdef33d803e7cf51b145a170166ed3985e8478cf8be73cb118cc58c838aab8e2a8a7b865b46f58ce420b97c7caf6444

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
6KB

MD5
479fa7df6cb3c1b85fc07e8e11d67d6f

SHA1
23fcbc327c1727905712768611789842da8bf52f

SHA256
503dcb89145aba474e566ff64abd4041ffcacdf323e1cccae4bdd0a5f2f625e8

SHA512
a6d5dc2f17500309d311f4d6f0e3edc0473994373724494e2f36e09cbd412c1f34bb26ddd80ac91fd8d1c1bce9ebff6cd07987a12f4f1540fd182088e5763cd4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
6KB

MD5
acf2cf7859f304facc2ca3fdcfecb298

SHA1
18c147cd0df215c7519cab6daa7d7d552acfc7ac

SHA256
3e1ba1cddc5344ad12d24fa100f76b87015b9f9ea603c18fa72c677821045a45

SHA512
2154209e6412d50007ea08f42c8804e757c21f80b16bc47ed2aee9f95b624178acd560351fc865aef599c0e485901d8717b79c7718231d0988d6afee8a9ec531

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
3011f37d16ee154d3fc4d57499db7fbf

SHA1
474e4992f72726985613d5f56c32cffea97e2380

SHA256
be9399aabb0ceb341a800549487e0d5295bdc8d41b5e6dd15f44d1e2ec58616e

SHA512
a1351837addc02666a3f904c1910eb5fe81ff5975783b13c91388b813b6fa0884974a85cd44a19cd93cc969eaf2cf0f7fce806b819f33944864c727b0e58d375

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
7KB

MD5
ddb4abf25e5cb81237d79b1e4d6c91e3

SHA1
195fede0290b1e3626d5bf4465139463612c59d1

SHA256
37ca82c52b89c8f67bdc8e43da1309a89f8d792cd5933ee03c1c80844b6e3e26

SHA512
2c6189c5263680c6259ea0cbcad352e7645d6e8a8f7d1d6df57f8927fef974554205ac9d892df336f7f5fd1ca082b4dd061cf89e629d828610f89aed1e8daf15

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
6KB

MD5
e4f8106e5453ca0ac02e5023afc6b9f8

SHA1
bdde5a3902337a7cae5fb02a296a465ef5ffae08

SHA256
1a95ad2c3ff344d915a076045bf6382f5338b33afd2c073f20d70204d406e1a7

SHA512
5f0cf7dcd34426b506d2cf7de4ac918de7accfbf83b6211a10c8dd6d58e704f8e07fec4f97a5b0b70f0422ff44db4bd3c4d672256731e3242313698608cfdfce

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
6KB

MD5
2d93bd4dad3a2fe8cc4331dd854c35f8

SHA1
c05dcf52b0e01f3092e0ac7a02cd1b3fd95e9660

SHA256
f87561663459761e1b3a766ba3ff5ab1491f81f5121edf139f9af3a4e7548cbc

SHA512
9534ad72abbfc9b79bde6d8cd4939d0367b78f42391ab5cc7172a1694752e811029a93b0eca6fa55881e7b5c52517cef2da2f45b67ad7a4f84f23ac069304039

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
7KB

MD5
32ba4da0e6fe238fd2fa1797273ab149

SHA1
0ff58d24de975829e7b13a275a251098727ca05d

SHA256
674e376f521cb783869bfcb333845de48dda4f5e4924590ac0f0aff9a29666ea

SHA512
f2d7ad426607e39791437fca23c3bca67e40a8eb1905013d9873c4ab6bbbadc3bf1c4c71381d1064dcb0df7e150dcdb10149f7cfaceb024424f0a1997009550a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
7KB

MD5
39ef0742a6b226a2842bcf58a126a1d1

SHA1
eb2a2eedcf549b2b862234be472d2f4b75a08f9d

SHA256
56a0aa4b2cb6eff323e4286554aaba076ba379666b6933cc03cbf10925206615

SHA512
f7e95814195fd2d4b2f38106affd7f75af0cfe26360efafad327aafbb75e7bc2d8a9a7f813924623986576e4cf387d9a4d34ee32c444d319bd0f6f21434f2792

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
7KB

MD5
cbe84ea1f02948c0b93687dcc886e3d2

SHA1
47a778c335095cc2b5f8f7129ff3ff8e5684de1f

SHA256
7df2f0053475c7738b9d9a9780320008ceb9c659b8c84dd019c0e4444991bd55

SHA512
c0ce28fbf9ec42f9ebff5d6133ffca8813120d3275fc4833ede1909ed115d44ef8aa085c61a791997352fe3174de71a526cc62588057fd6a70bc885315d555c5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
7KB

MD5
1f8e273de0d971384c9b1f643f6c2eee

SHA1
f8bbdff5fc5e68b029c6da0c06c2b719d56f7545

SHA256
b74a08a187e8fc1aa9c994dc62aad11ed8cedd91486ba1c36a2fe0c2e9c9a027

SHA512
8bcd3ff2744c8e8cc4dfe28e994b109b77b850c5f33ea59ff921bf605dd2cef25c6aca489be121e194e3cbc1889d52de8687f16f0b5cd802cb1dc583ae054329

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
7KB

MD5
aef8ef5a3a828b049690cbc93f63a720

SHA1
5a6fb8444d4e10e6dbe0ca24d9cfc24437bb822e

SHA256
1c9fc2ce77a24d50b91a5cb5d96884e82bf6ab991550711b9f7902dfdfc3efa8

SHA512
36a32582a9963b10d6e11504add1e9d587b64b3a5751049b2ea6d06d6381d3c970006998f6970b8358f7a433804c9ea96d9b18dcf437bc40ddf904162b05ad62

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
8a8c5fa179408c6bafd36c96df8d1d10

SHA1
5548e47c3c92f2341013738dfd547f3459d29701

SHA256
afea3ebd3a37a009c02252bba0d3cacd02ee6d91f9c79198ba975e6359b2bbfc

SHA512
32bfdab1c3893183daedfac376867cb3b993304d5944285dd20d892f27e191caa0db1ddc6a2565bca55a0353c2005ecc845af05488671ad03750f6d0dfb6acf7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
Filesize
3KB

MD5
23913eea9d32c1b9c60983ed9072e3e5

SHA1
fbabb375b2b109962d6df6e95ef13ebd27fc60f3

SHA256
5e9542730732e40ff6e09793b9c292d060b99efd6ac93cdb916e03b9b39770a3

SHA512
93bbc4464c5516b48274c301aac4c55ce786145c70fb9ffac399a4a035725eb0ef7a4fe4deef13d9adbed8699a1d96dc91f154992a169a97a76b15cc351b76e1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
Filesize
3KB

MD5
e5f7e0cba6c44e685c1696a7a626ff6f

SHA1
d657bd3b8b3fd66f28e10774251f383c0cc730b3

SHA256
951ceb91756a610d76bf14a660de3ae72ebc20b61b07b7eee35bcf37ff6d09de

SHA512
b0d28b0e94cfbd76dcbbec1e6a4b17288c3541e8d5e45af8e8650c21afb6e0d840b09abe3a06191613f2d5bcff8a1e89adc94a1e3f8d0cb08e8a72de87c93600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
Filesize
3KB

MD5
eb95a8664021303a3434af26b0c2de2d

SHA1
ce6a5883daf91bcfdff382b56f8761510f8b9232

SHA256
9ddc5c0ec026154e71be9d59a513eb2eae7b5321d599fdcf96e870bb62b97b92

SHA512
90b5c66f0a388f3c03def962af0af5ad16e9fcfb8aa2374c58cb174a07a55216bcd23890ef2b3b6a336b8f231dbc3f5cefe67940f3a66a51dc3bef64520a7714

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
Filesize
5KB

MD5
e151c76f27d0a2d5d7fb140076b887fd

SHA1
e85b486f924d7720a1139d85b8fe3e8addb6a109

SHA256
78bb536d9971ed8ef033feca83ab41ae1bae7a8fd74e88f7e98d1ddc0b4f485e

SHA512
9cd5553093a38e4df7f5f2bb3d64d90bda3c24e957d0b5c04c3afac4363a0d9a648d586aeccdd923d99d87de1721f0f8cc6b4704349d541d7039dca188d6a766

Download Submit
memory/2188-269-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/2188-300-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/2188-348-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/2188-10-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/2188-219-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/3128-386-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/3128-371-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/3128-367-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/3128-273-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/3128-359-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/3128-337-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4900-361-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4900-258-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4900-388-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4900-225-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4900-12-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4900-268-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4900-382-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4900-369-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4900-255-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4900-365-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4900-347-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4900-299-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4900-218-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4904-257-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4904-0-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4904-346-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4904-166-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4904-224-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4904-220-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4904-223-0x0000000000234000-0x000000000146A000-memory.dmp

Filesize
18.2MB

Download
memory/4904-2-0x0000000000234000-0x000000000146A000-memory.dmp

Filesize
18.2MB

Download
memory/4904-4-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download
memory/4904-298-0x0000000000230000-0x0000000001979000-memory.dmp

Filesize
23.3MB

Download