fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

Analysis

max time kernel
1797s
max time network
1801s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
08-07-2024 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

3.8MB
MD5

e546506082b374a0869bdd97b313fe5d
SHA1

082dc6b336b41788391bad20b26f4b9a1ad724fc
SHA256

fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18
SHA512

15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08
SSDEEP

98304:uSCb8xJlb0VgU/vZaZKa4opQILfbsLajDMWEeq7PbUs6En5:uH8HCOUZakpAbjbsLsMmqM

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnyDesk.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

AnyDesk.exe

pid	Process
1028	AnyDesk.exe
1028	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

pid	Process
4576	AnyDesk.exe
4576	AnyDesk.exe
1968	AnyDesk.exe
1968	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXEAnyDesk.exe

description	pid	Process
Token: 33	1188	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1188	AUDIODG.EXE
Token: 33	1968	AnyDesk.exe
Token: SeIncBasePriorityPrivilege	1968	AnyDesk.exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

AnyDesk.exe

pid	Process
1028	AnyDesk.exe
1028	AnyDesk.exe
1028	AnyDesk.exe
1028	AnyDesk.exe
1028	AnyDesk.exe
1028	AnyDesk.exe
1028	AnyDesk.exe

Suspicious use of SendNotifyMessage 7 IoCs

Processes:

AnyDesk.exe

pid	Process
1028	AnyDesk.exe
1028	AnyDesk.exe
1028	AnyDesk.exe
1028	AnyDesk.exe
1028	AnyDesk.exe
1028	AnyDesk.exe
1028	AnyDesk.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

AnyDesk.exe

pid	Process
1968	AnyDesk.exe
1968	AnyDesk.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

AnyDesk.exe

description	pid	Process	procid_target
PID 1968 wrote to memory of 4576	1968	AnyDesk.exe	77
PID 1968 wrote to memory of 4576	1968	AnyDesk.exe	77
PID 1968 wrote to memory of 4576	1968	AnyDesk.exe	77
PID 1968 wrote to memory of 1028	1968	AnyDesk.exe	78
PID 1968 wrote to memory of 1028	1968	AnyDesk.exe	78
PID 1968 wrote to memory of 1028	1968	AnyDesk.exe	78

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1028

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004B4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
8KB

MD5
27f2f49526a7fb23b4bf5ef210643ba9

SHA1
2b05e6ae8005893559485cb8b8e10e75d1020288

SHA256
8d02e702700d21d97f7bd55cc66c0101fe4632542d367dd57a08344c9e633139

SHA512
db9296c015025c92b990cae664f5f971a3246bacb0222f8272e42d92f77c80e50e66a3dbab9c1c5323bb3ca292650e9677edd30e098efced03d38acd918a5999

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
3cd76f52be88f916fe5c9b9f623327b2

SHA1
e490cd4e57b38205a4c2344506251e2be867349d

SHA256
e43aee9c545d96998a72d176c1f8e9657566b96d861fec389b2334396e82696f

SHA512
3e5e2a0d9323f8e7984401ca8cb745419de08ee714da172e4baecc55c4995ce0ae2b062c60b888f2403fb8fd3192f8503088cef64267634daf56fd8ca775611a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
9cc9b30ef312dd64c804268e22079c44

SHA1
a04032fa538e649cb71324a3a5ca4001f299b048

SHA256
2b0121df120df6e68273481944492ff616ac0b9c76dc0a7c10fb14ffac8f394a

SHA512
b8ed335f3a479db9c2c13b701e17844120d738be05d86813bbb73a1a29e661a2463022bad3f96a260ad25ff0b32dd3b8dbbb7abaf69b5712d1e94071b3f37ef3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
93d523a07bfb7c30819fd170497720c6

SHA1
73300b220719f2bcd9ad2b1eadefd029407c29e7

SHA256
9df677b24522aac273c6b8e953696c3b55ad6a74d4165f8d1eee58ea634ce085

SHA512
8f54c583459fb900f6d0a142d756955064bc3b06bb7f0bfb3841a5995664ac910373aadffc2fd16f0959afd5b284692a371cf8bbebc6948927c973fa918b7e64

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
cb99ae56e31f2ce0b54918a128159d40

SHA1
287318aaceab6de63f6be18ad0d11d6f04b986ef

SHA256
9684c2df8aa28bd9fecade2bd470814946591fbb36f05958df28fbc4f0c9abf4

SHA512
406bbf246f84604d60f431e6023266e1059ea3895c8b9e2d4e0d56b6a68bb4564292ea052edfee2cbb1687e6ef9123ac7e2faab68ae00e85c2432cdc16b65db1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
738B

MD5
9a02376a2b90293c5c5d788f5ecfc0c5

SHA1
9b67418e813de97784e4b9116fddbb89019ecc36

SHA256
a316d7058604e097c31b6a66c136e85134a67366719d00a7733eb1427d7d701b

SHA512
dc88345f5cdd03a62625bf1db26501fdbad1377a0c6a69540a616728f89daf86e0f2a4407ba9343b358c6516ca0ab29d9a8054f00ef61829f93db32d214b0050

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
785B

MD5
ac46fb98e785f3239371c93e54a4e91b

SHA1
ab788ec60ed78aefbb460ae082afbe0eff11da46

SHA256
0916e72112217c506eeca5b8358132b6be5fefa95153411000e9d980847685e4

SHA512
4160434b01a7f9ec220bf796caf46fb55cafd66840307b1310929cdd049c693a4aa6d580985d528c0944550a4be732e6e29e83ebb168191f9cd8493f13945a61

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
78b0d6e1b900ac4841fd007eaa62db05

SHA1
43fdfa425e5109755cbcafb303a31097078feeed

SHA256
f2f8001d3f862549ceaeecab096293ba19851f13e3a25ef414dd6235d62acbc1

SHA512
eaec6479ffb7b8e4607378c404235b338668df577dea62061393442ca94f9550a8af9c27821a0b102b02d994eb6b42621edfee0cedad642b5457314b3647bff9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\thumbnails\f93ec9dc1e6ba8b1.png

Filesize
35KB

MD5
693282eb64eaeda619040eb478d2076c

SHA1
51555fbaffb7225a58d8ade7c55353ede5eeb6de

SHA256
0a9079458e351dea04650a619380da68a11aa0035382609ccdc5c8d8e82835db

SHA512
8e053cafb77755f191928cc266c65b5fbf29129b98550931f2b8d11bf4f7ca0fef68d323c743733ebd8a3894d3117e35b301c322d07775075c7619260b00d581

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
84f6e62cb0603c2f88c84f0daac6b9e1

SHA1
8e0a535a34bbac5d14a04a111e8bb2950a1de675

SHA256
c3533a07ed65b24ab6c4661d545881be299cdc206e2c6ca069be0d6ca192c634

SHA512
10fbd0f0676ae9b01544c797508e405a0935d75b0f1dd593c262b034d5fcf2d8c24686ccffc48ce193a4c79bdb2af2896f09cf5150c500b12c06298a8bd7bcfe

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
238873f9f7ca36389f496d742ac314e9

SHA1
d0762ef9bd5200e3b4bdb0ceb2833b0bc1d92b48

SHA256
a6f981e923cf27ff6aebe32aea2cf5dd785269d57e79dc530d4a2b286198acf2

SHA512
c78d30caff172fc1e811ef04b3729eae5396dfce11b274ead24069765fdc9f2d4b265b1023ff9f5bb36cc7127dd8f033ac8b2423ddc193571a53cd32abe27492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
ed9d92918f53ace6109f941e7e6f592f

SHA1
28721c57d140d4c8771801e7eda2ea1ccd1420a1

SHA256
cd0c093793309fa5fd644e56c493ec68be52b575dd0d40fb822fed399764b73e

SHA512
d3e9c7be1f89b9da62b0d7235316cd93968305d92269b5b820cae7afab599773ff3a89ac2b32337a1668414fa0e550ab6b5d71943c440bcbbf0d7b91eeffba64

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
6929ce37f3354db0608170fb0e68c70a

SHA1
3e713fa46687f1848064ed930cc4eb8358826f88

SHA256
f36986e1e7c2fcece54e02c0549bf785d9d533486428bf532c7640cb404bcc8b

SHA512
6d95b41302cec2609a81562ffc29f0a53152f7aeabe8ae14e7a82ef78cca6a2e5becf06976a6b75857a27ae6bf2d42521ed403531753a7985497fbe74d0361a1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
77829eb20cc440c8ff1e26ce46e61e31

SHA1
28c2704dbf7e4b7834b6742e41370771dc1fa76b

SHA256
2dc3085713667abfab02410dbad4b174fd49c383e0fe84ced1be46bd2f4a1e37

SHA512
bd63c50358dadfc9ae8ff58641cf062a234fc9fcff4fb76449764d70a97943251ce72ad833b605f62a78efc09178a3534fd075ac38e71690279e85f4011905c2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
316386e03bfa61ffc96222522563db9f

SHA1
22585943017a5b02a684dfdfae27392aa9e00f52

SHA256
e6a34dd68ee391100932a9a63e72f817476f63c7def41c093aedc882a263665d

SHA512
59d11f78bfed9efd1b5e6e7dfcbd364fc459870ac385d52b35b07ad5c823ba3a6c5ad6126223a27444b8dc8af2ad0684464e5bef9bbc42fb0ba8f71ad0ef6195

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6452135da5c064a1b80e2037e3cffcee

SHA1
cb59c6ba76262a8d1425abdc40954daec64f56f6

SHA256
dd2d2b5cae9ad182838f4b9fc91420dd975d313b44f2a264faf84ba4e0771f0d

SHA512
af416b0d4bc4d0b8d8c4aa784011cf691c8771ca0edb72d892093660f90d29c0995ec2f1594ee05223a5bf1acb8d4b2d7937b28bfb5b4f6265c01b5bb17e66d8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
ab8f18dc1dcc6550843afacd0af31493

SHA1
72d24ec46fa20eead0a3862f08e471899b322d9a

SHA256
1d2d8908829f28f90e4deb3ba5e1fd85633305446966a8e54f26153383125dd2

SHA512
6e573d02366921dfe21fea2d8d748b5d03f4197f26a28cc8a714b167b9978594014527c54b7c87d3d85c66b2f956a70020572e2f4163a6a582651f393e26d5d8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
3e36d5d70c63d5f5ebee832576097512

SHA1
91d816d4c33759fe3d54ec01a8cdbeae9271828c

SHA256
761473988c85cd94227566cb2770bfe5254e257a72de94f311a10959ef0c3bdd

SHA512
0329122d963eaf3c829b88776cafdfec8d99bd07e360c10de1f878b660db4020fd8716e0807f9ef807b7d9e6f13f98cf44b81648099c4b707bf69365937de5f8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
8a433c7bc1b15470f0e672556694d66f

SHA1
eeaa9a8c751b4d2e92c5245d0587df74a35ce15d

SHA256
01e9a461aeeddf6f210cc4801d34de2661e0716a312958b5a3c9eeb7e96ad211

SHA512
a663cb63282c92091a28a3fd0ff1e351112343b9672e7c10a6376242f8a75953ea721d6c88de05105795f5d20dd1473c8e553844aec29cb21d9cb65d31108039

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
5c11edb4fc3b8f15acf2a2c0c7082b97

SHA1
74c685018b2bd99612a73e7ce77a5da6bc78b248

SHA256
101a629b5a404ca7c85161ed295b70b2596f08f06e18340f0762b2ab7f34d98d

SHA512
69f7cfc1cbe52467bf7b07555bb417f61e6ae5d8943da92147870ae4104ae0ec034da4123c756ac16fdf17ae55707c8c58be9f834b2abb5b2d2a1d8cd9b89576

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
191c589d0e1da3897918632db7f3df81

SHA1
bd9e1c987f9a6bd4a82b25df9c5b67a7e2e635de

SHA256
fb94e887f8ab252a27ba3c09d8194a5f983aa4a7e8db031e9b964fc9ad894282

SHA512
1f1161a6897712190bbc228021ec18da822f3ddc13b845583ae836442df0aa61de74c572a217674698196fd9681955fbede3686ff17c5bb9b36f36dfa3f1454f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
f2290552d6fe8d725f41ba9f8266c6ee

SHA1
5d0d28945155ea28c4852d13905992e03f3e3bb0

SHA256
b5e5420f3f5ba05f8bc92cd3797d0b0fcc942c0e2be8a92987b05503bb4ff5db

SHA512
45607da3051c80f8dfe8d58bcd4241a0c8d7562f2810a01a3eea9a86f69dfe01343f3e22683c96b0fffafedf9e507ec870ad3c20170eafb3530db827a9729546

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
5f6f67492efc1d4c54f77709abc70382

SHA1
afc02e1cf66ee3bc6cc3d92c666c0b1a7f047b62

SHA256
faa17e742df558832c3e450e71a25900165db2553e37e274974d3ee2c6858293

SHA512
e96c7a45074fc636e85c0c7ade44bbdf4f5c887d685079a819213f6e0eb4b998a289c1bc7133e12dbf6fc74df9d60e1b8306d52356e92c18a0e4c4293c5b2ed3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
d210dd74240acd96fcecaf8bf1e892e5

SHA1
2e0cf0656204893b715bb8d262902547b558b08d

SHA256
6153cedc3a4747805f548c9085d55d07c897cf68ee9bfff752de6f3c3f5239d9

SHA512
cd0ee9325386267ee5c90f7c6dc0e52a2a6c8a8bcb9cecbb9ff33ab543d687296d619f7a58b2752c6136e931d416d335d35821915491356337fac6f31bb7cd63

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
39b09534f5c5727010f6b72a4a6ba7cf

SHA1
ee5ca82a20a6af3367908965089b5893e774af8d

SHA256
265d46fc5dac3563b26ba65dd9d1e58bf8fca4b9c0ab166369c0804af27e4d87

SHA512
10ae886808e72aa74c806a4b8cb89c22f0876277d456bddd194bc8b9e5c6f8d82a65ee784efa2629a59fba711727f3a460d15a01da8a1613d74e34eb1e34f644

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
461910ae9ed0909dc4ef4bade86cfb64

SHA1
6e349d05a749ad9a436a63a26c1281298482edcf

SHA256
03f235e15424515b06d53103348c2a7684d0b931a8620d1b16dd6f1c8646d485

SHA512
e4707d77125af87d20adf016c6c3d2e49476c474cca1e9b381c79b7bd5ffcc43a301dbb6de0ba7ed6a1223044332f3ad9cb36ff447979891a5addfb802ee9a8f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
e952d1cc96b07b1e44c45aafbe1e40cc

SHA1
56e42097f37093483e65603c6c5fc25b5121101f

SHA256
239472556f5b42b4a4879ff78dc076f5f41f92416a1ab52a09a523ea8fdfb006

SHA512
1a4bf23c793d5953a33c1ef95bce9ddbd02688b0d66665e742f9eb17d917449d8a392f2b8fd50115b5792a04f4ba5cad0371692d2edda79498c0ddacf6a63aea

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
94e4764b6d0f0cebcc9caf90456cb090

SHA1
f13b5f64dd34ca4affbde2698c5eb2d7651e0b84

SHA256
ad439b6cc315357dd9c4594613d864e81f13e05b967595f92a83582a767a43eb

SHA512
b0a2e95714b6fe180b4f863d87485dc89ab2cc22f43126e1b61f1c9e1f3229a554661fd0980aa6dfce6b5cd9a1bff7e1743e30fef3cdc0003821e9065d135e08

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
b06c3411b5566ba4ea25646bb92e365f

SHA1
7708d8bb50e7a0a066e9e4f760c74c620f9f594f

SHA256
1640b38da89af6fd5a249d53a7f75fc93bbda32d41c9d391863226490bd1dbb3

SHA512
ed39a8cd42f042e6ef00a517ea8578579aeb233c63c2041bc504867fdcb80123890206098ff60f89d256e33ba288bd4e0b45c5d3bfa1703f079932af6ec4317d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
83e0c61aa6688e308e3bd610e0e3a9a0

SHA1
f0a5f506d9a5bb46f19feb9c6ff631d6d144be4b

SHA256
d60f6ad2743d7a8e620aa23a1f67208136e6a2cd791335533052be0da852b4e7

SHA512
1fb4b514d1ff11b0c8d69ce78df1955ddf126b1d51287a5cc730eb1259771435f06f0d37801745580798b1a0458c7d51fdc580a6a85f08ba5c20f28915c1c0a8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
7613f37c598dc54c3f5547d72e1475d8

SHA1
a98a6feee2147b087aa76d8a777418108a60f562

SHA256
b7f519fc5c6c947d7d99855cfb349b1ad452fb28d57886dd079491aaddcf5bac

SHA512
b51927c777abbf12b25af85767e68b286ed4f6e6b1208b27a9a3933caafb2c554df1f48af144cfa7d27ba1d4335c72d4b3339d3e814d53e999a59df63fc273f6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
890a82fa72f8ae9124a72d0e20cdedbd

SHA1
ea07a79b637cdedfe28da44b297bc49a9a37bfa8

SHA256
4a307c7145c2178edee1182f60cc64a754583bfc2d14a6f5fdbacba3b5c57189

SHA512
0c75f4c8c17f89a7adddbfcdce272aa7bb7c7624b432a97efb4d4ef217c85190dc0e523190b9305298372fa624e369bdee905cbeeddcc367418b69c9be18dd18

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
5KB

MD5
579d2d40649a53930e257ecf08fb1429

SHA1
56b604692a94a600cc46233bedbbb8a2a4dd37e3

SHA256
6f26fcb2a1e63ee49d5bcfca5e84abc2677c40fe4a270ed401e4df3370a3d533

SHA512
f9374214793c4eaa4f9a020e4d66aa1e3564d010877883bdc19f91e62c21bf87b700e5a27319063a70dcdb3e770ef007b9e4c4fab08b582be585b8f2b342572c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
7KB

MD5
f33e0c80c32f9ee5696b1c6d64460b07

SHA1
f4fab2428456b0984f0422396f2e3c6e38c61e60

SHA256
34c695ccc5aaf1d0b1cbc1f16e4988104594be602a7f9f75732502635387f389

SHA512
7593da964eecf01befc95dc55a9ce9c3c7b37465974d73607754882a2964345841dac4a3041f869df3b1f665b10d6ce7fbb76eaf5cd2d93399f0f97fc22b755c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
5KB

MD5
b32e5d134fc2a36859153d7027dd8717

SHA1
024b6a15038e1ac0f8438a431f10dc0b2d8f2b1d

SHA256
f53ae0a19d4d78650363614298d86240ffef4c6d939f3603309bf595d2d1d9ee

SHA512
8ff97fdebb965c3a1f52bda23246400f1ae46b041d5beb25de2a701f5f29d59b5f32576712aed50fc87d7d3fc8d15a39a37fc152381ed9c5a8b8fe7c83993149

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
7KB

MD5
60529d227b2967f188fa8c4df38edab7

SHA1
1c8bd1d6dc4f74c3961c01ed1e2868878de381bb

SHA256
94aac9846275d0f6264c35e868e5d28532a5e7542a1344e056d5e82507ae38ef

SHA512
c783ad79daaacb4db4c4460b4b58fd2097d4164e8e7b160c661a6f571c2ce938a1021534bd852f89eb11c0a7375e2ca5cc43db394597cea01e832db5df894f74

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
b1c4aff1e7c304cf204e636705ed42e0

SHA1
087a762791457d27c1f8b6bab38c5e14efa4fea8

SHA256
708eb563ffc81108273b643184f3317d3019316eccc878a9e5b261953da88fb4

SHA512
b44df8f0e7904890bcc9cb6213520b534adc72389109d5e524ecc7ea3fbf11746e0e2f5a8eeed8ed75514a111d123b199a873fe8e031df4f944c63d457d441ea

Download Submit
memory/1028-13-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1028-9-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1028-327-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1028-303-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1028-282-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1028-214-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1968-351-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1968-218-0x0000000000214000-0x0000000000EBA000-memory.dmp

Filesize
12.6MB

Download
memory/1968-215-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1968-280-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1968-392-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1968-301-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1968-377-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1968-336-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1968-1-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1968-6-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1968-212-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1968-219-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1968-325-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1968-222-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/1968-0-0x0000000000214000-0x0000000000EBA000-memory.dmp

Filesize
12.6MB

Download
memory/1968-250-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/4576-305-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/4576-337-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/4576-23-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/4576-326-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/4576-352-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/4576-11-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/4576-251-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/4576-223-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/4576-213-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/4576-281-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/4576-302-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/4576-284-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download
memory/4576-393-0x0000000000210000-0x000000000128E000-memory.dmp

Filesize
16.5MB

Download