Analysis

  • max time kernel
    77s
  • max time network
    300s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-12-2024 18:46

General

  • Target

    AnyDesk.exe

  • Size

    5.3MB

  • MD5

    0a269c555e15783351e02629502bf141

  • SHA1

    8fefa361e9b5bce4af0090093f51bcd02892b25d

  • SHA256

    fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca

  • SHA512

    b1784109f01d004f2f618e91695fc4ab9e64989cdedc39941cb1a4e7fed9032e096190269f3baefa590cc98552af5824d0f447a03213e4ae07cf55214758725a

  • SSDEEP

    98304:Uc9HTcGO0ImBimas54Ub5ixTStxZi/l9K0+zLVasSe4JnzMpm+Gq:UcpYGO0IOqs57bUwxG9CVaskJIYE

Score
7/10

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: Robotoitalwght@1700
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 36 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1800
    • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
      "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
      2⤵
      • Checks computer location settings
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2664
    • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
      "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
      2⤵
      • Checks computer location settings
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2800
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2616
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b09758,0x7fef6b09768,0x7fef6b09778
      2⤵
      PID:2216
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 --field-trial-handle=1248,i,12818157749890147375,1153348778165635200,131072 /prefetch:2
      2⤵
      PID:1440
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1420 --field-trial-handle=1248,i,12818157749890147375,1153348778165635200,131072 /prefetch:8
      2⤵
      PID:1620
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1496 --field-trial-handle=1248,i,12818157749890147375,1153348778165635200,131072 /prefetch:8
      2⤵
      PID:2596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2156 --field-trial-handle=1248,i,12818157749890147375,1153348778165635200,131072 /prefetch:1
      2⤵
      PID:2120
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2180 --field-trial-handle=1248,i,12818157749890147375,1153348778165635200,131072 /prefetch:1
      2⤵
      PID:448
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1728 --field-trial-handle=1248,i,12818157749890147375,1153348778165635200,131072 /prefetch:2
      2⤵
      PID:1068
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3188 --field-trial-handle=1248,i,12818157749890147375,1153348778165635200,131072 /prefetch:1
      2⤵
      PID:2184
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1248,i,12818157749890147375,1153348778165635200,131072 /prefetch:8
      2⤵
      PID:900
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3800 --field-trial-handle=1248,i,12818157749890147375,1153348778165635200,131072 /prefetch:1
      2⤵
      PID:2060
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2652 --field-trial-handle=1248,i,12818157749890147375,1153348778165635200,131072 /prefetch:1
      2⤵
      PID:1824
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:1736

Network

MITRE ATT&CK Enterprise v15

Downloads
