fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca

Resubmissions

27/01/2025, 12:49

250127-p2nz3sznan 5

27/01/2025, 12:46

250127-pz1wvsypev 5

Analysis

max time kernel
1050s
max time network
1049s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2025, 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.3MB
MD5

0a269c555e15783351e02629502bf141
SHA1

8fefa361e9b5bce4af0090093f51bcd02892b25d
SHA256

fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca
SHA512

b1784109f01d004f2f618e91695fc4ab9e64989cdedc39941cb1a4e7fed9032e096190269f3baefa590cc98552af5824d0f447a03213e4ae07cf55214758725a
SSDEEP

98304:Uc9HTcGO0ImBimas54Ub5ixTStxZi/l9K0+zLVasSe4JnzMpm+Gq:UcpYGO0IOqs57bUwxG9CVaskJIYE

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	AnyDesk.exe

Drops file in System32 directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk.exe

Loads dropped DLL 2 IoCs

pid	Process
1640	AnyDesk.exe
3124	AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1640	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3124	AnyDesk.exe
3124	AnyDesk.exe
3124	AnyDesk.exe
3124	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3124	AnyDesk.exe
Token: 33	868	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	868	AUDIODG.EXE
Token: 33	3788	AnyDesk.exe
Token: SeIncBasePriorityPrivilege	3788	AnyDesk.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
1640	AnyDesk.exe
1640	AnyDesk.exe
1640	AnyDesk.exe
1640	AnyDesk.exe
1640	AnyDesk.exe
1640	AnyDesk.exe
1640	AnyDesk.exe
1640	AnyDesk.exe
1640	AnyDesk.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
1640	AnyDesk.exe
1640	AnyDesk.exe
1640	AnyDesk.exe
1640	AnyDesk.exe
1640	AnyDesk.exe
1640	AnyDesk.exe
1640	AnyDesk.exe
1640	AnyDesk.exe
1640	AnyDesk.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3540	AnyDesk.exe
3540	AnyDesk.exe
3788	AnyDesk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3788 wrote to memory of 3124	3788	AnyDesk.exe	82
PID 3788 wrote to memory of 3124	3788	AnyDesk.exe	82
PID 3788 wrote to memory of 3124	3788	AnyDesk.exe	82
PID 3788 wrote to memory of 1640	3788	AnyDesk.exe	83
PID 3788 wrote to memory of 1640	3788	AnyDesk.exe	83
PID 3788 wrote to memory of 1640	3788	AnyDesk.exe	83

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3788
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3124
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3540
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1640

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
64KB

MD5
ecb9969b560eabbf7894b287d110eb4c

SHA1
783ded8c10cc919402a665c0702d6120405cee5d

SHA256
eb8ba080d7b2b98d9c451fbf3a43634491b1fbb563dbbfbc878cbfd728558ea6

SHA512
d86faac12f13fcb9570dff01df0ba910946a33eff1c1b1e48fb4b17b0fb61dded6abf018574ac8f3e36b9cf11ec025b2f56bb04dd00084df243e6d9d32770942

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
aae96d8a818fbf0c9bc20f6a359bfa63

SHA1
9007ba148963ace6c6c8cc2f16ef0f4ed8b4b156

SHA256
0dc124e948b944fdaf8339ab54ca111fcf0b8b9b290298b8c3a2092a52499c49

SHA512
4aff3ee6d60abae4f6986d5fbeefc171c0251e5bfcf70779b42a65e73a1f872ad6e93a1ba887a281868e47b38fc51cc98ba73c0c64756acdb1fda57c4de64f82

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
6e553a3d36940e1722ed339a705b4db8

SHA1
e52f01f8dd241c91c0bf56caf3e7b86d8da047b2

SHA256
9384c9c1189e37e0ead7126ddc8303dc62f0612df4e307c3c9851e7eca64a922

SHA512
3361f4c5adad8b2253ed0a5a341afd0b385730f10b80ad4968c1718eaf13b347e140da75178f15ff346abe6bde450d9e6fd1151cd765433c2a86557a44cad054

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
39KB

MD5
d17e2f0ea8971eb9e4a14c4279ee153f

SHA1
79bfd3899f5185dc51ec2d886aa8b5c5bbfd7e2d

SHA256
82b648bf328c60f4ded22cbb080d24e061d10e1c362b79a16cf35e8601e95dbd

SHA512
b99f757dd9ae0ffa8564b9cc9670f5fc03e09c44965bf6de30dd62d021c250d60bb35ae53e2bd15cbec4048cca18b7b7991ccbf83a62764f5e7f8286d7686a3c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
bdabde52332d21665460a1a1a5ac4464

SHA1
f8bf9c452d51379b49a628737a53e0496d740a31

SHA256
a5e5f01548d07fd898b776285c51de27e8ccbba293a8b98957e866a823b06f91

SHA512
16d2cb25a81ea3503c8123cbb514330366e785d5a2fc4bd420fa18a2b5918b98ea36a0d0bdf6b3f8b9a358d276f27321df8d4ac57d3d4c7c3b9d2525b3d3f80a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
29fae733037aa269aac7c006e51eb32e

SHA1
34b85da3bc49a8e6202518c9f39e12ca0a1f726f

SHA256
a43a94e7d06fee32f8ecf3df949b5bf405599b06eacde79d68539f142a3038c8

SHA512
0181977997c6c94b5344b3a85b169599d3cdfcf081e2ee5ea65e9934e42239b3dd13fbb55ffc107abcd61f65f8ca65a569e7626f785457002b24b34e726333f7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
745B

MD5
91cb42b29c6d5f7e4b4ae48d359e72ce

SHA1
beac9179311dbeb9a233fb59525b86e286a183bd

SHA256
34c6a3968b7621ea94e133f77ed1ae2c02a4b149e96f9d883df3f021c88a3320

SHA512
0246e2088184f09937f866bc6fa449b035fa15bf577fe0236f27a1bd1caa0ebe65b62669a224671ac206cb61dfb696a8572878ed6699596e0d0e33ed8bc78280

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
766B

MD5
9ccf0619f94e287899bc1cfccb6a9c2c

SHA1
4e1ff8a1f76d07947a85f924b7715f880bfb4e00

SHA256
4bc4be46087500c4559550e1dc3bb84df4d1c6c42a1c273e78bc28ca10f9ee3f

SHA512
967285fc0d79d60ee52e1c1d5afc43f647b0425d7eb244e7f701c04e2c8277a4c55f4f740474a1d5aa85ac614b9d9f46248e4928aa59d16a0f6d165a5618b5ab

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
775B

MD5
b89db7eb653baced74d90a8b65acb6a1

SHA1
26d0becaf2c9bc4cbca893c88443fb6aa923922f

SHA256
db5cb93677fdb28b1fcd6cef1e4492b66b4897535651d1d455a9719394ac211e

SHA512
77e6567c9a57e26d27f8b81d45681f76ef6085ee679f564e402d7e8a07ab49f9496b6d3491689602bdf40852a92678076f37d28db8f9dd07b61cc76a68219fba

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
832B

MD5
5afe180c20e4a50a22981bad3d71c9e9

SHA1
9e7bbad3cb6ca052e481107265bd8aa7cfc97dab

SHA256
4b105033150ebcb90900e2a8f75aee028ea07177c3a6f4901f3232bd373a1e23

SHA512
4454c17a9718a9b89f0e110d5123a599b97d82c39e0098c3dd5965d060553f1ed3e48fcabdbfb047500429c72322fa50478203bc41df1375d153b3e27925c58c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
181fcb50e97cfe76d00f6395ac9b5e2b

SHA1
74701c290e9390fdd1714c07fe64e6413d6cd234

SHA256
057ef12c74812e672ed56fed10aa31f5d0e34795c1ff4b2f9f417dcaee4bd17b

SHA512
94d52693b94006ed8e0a267e2bdeb6063ab2fec978d2eb62988a47a10ce025403c8e1ab018ce8ee5600ca190aee6d1f7844fdb9eb223d8ceb4fbdb34cda29398

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
036c773bf528e130e04e30004b742097

SHA1
2be7ff5179635a0650c251e14a13781577c83af6

SHA256
05cfff04363468adae7530c06bdecafa201213fad1163218218c76674e69bee3

SHA512
22d5c4cdf3d87492c5975a009ed17c27829f569b8e1a89f7e2b53a1a38a0a4b77ea4b6b85125aeba795617fa50c447506c1a1968cc1501e21581316d405df13b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
324103431daf7b9bec8844635a1b3ad8

SHA1
790ad2258b8f87cfae80a8194bbd8527e8ca7a87

SHA256
ef1e1a5c2cefd8ac722bf920f4ed6781fcb7df05d67f90f5171a97324482dcfe

SHA512
020e4f46bab89f47812d5394101ee459c491da1b2c15e94b547a843f98e4a29c264df0cdcc2b0f2e956c25fc7be1dbae33524af49bf921a72cf834313063177a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
43180cb0327463eeb22bf32221002d1e

SHA1
cc7bdbec34eb22196f80d7fddb344eff5efdef5c

SHA256
77377bb17ce85ae854c3791941a03cb898c7bd4d6e4e9fab5f0c4fcd1975455c

SHA512
995e1ee981be1f4808f6a6fd237587dc70076621f7c0ef4a7c59ca7820c93d8d06a3b88d5a5c66868eb343f4d0e1a6d8eadb54579dc306f52cd4b6ae24e10cbd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
fe33120a721bae962e667315f67df44a

SHA1
c45550c72a3a94465846e33639234c18217ed5db

SHA256
b65d7f41e7e26e03c773b9b224a792b13e4d1044956194a2c1392f65b40cb261

SHA512
262e56d2b0ef12ada298a9b6ca710bc6c3b8784df732210e693b76109722e7c2b0c58f91ce8d10e2b8911f1639cfac4d2838825a5b0f968e26c66e7e0babaf75

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
84dd52f6d38c93e27d1e4d62af74b48e

SHA1
24f121e25aba21f65643ef429a9873568fca8d25

SHA256
9dba7599503af41576eb3931f30087d25aa300bcf0818acf2885bc446ad66e61

SHA512
ce890f4457fd345d6912cf5b992966ad648b47a950e73aafd6167d6736a724428df66521eb0f8c676f5ed89b4e7a5c04609c5445fc029c7f08883c3a5c04d934

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4f0c70bdea20f99b22a03da0a21706df

SHA1
12dfaa634cb0956ffdd28b5382b561680a7b24b6

SHA256
be9b51bd127cc44f228620a1b4f55e90e3b17c7713fe1fa7cfc31539ff49ec4a

SHA512
9c0a3069e16c0252f07318dc73d47dde57197b8d001227a0e29dc9e63d26ba046c70791fcfe4ae3d13bc4fe8ff7326ec3de3d181fe701a1045a3e3a33d4310be

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4b326525faa8bb7749147866739151bf

SHA1
53b4b5fba3eb544ed4e73650ba41325b8f169b48

SHA256
80ac88a6fcc8a47c3b7caa3282859b85b368d6a607d8af3968d7f188367a4bfc

SHA512
c574bec9c5d5d84d0a4b99d749cd74654938844c177f644dbe64ce1c6b7c34aa62df6c51a6f8d6090f32e1a98f0520130778803636a8426f6b316cb0ae2093b0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
a2fb836c837155ab5bec36b602d2dfbf

SHA1
87b4e4a91ffd5afa14f62b044d451c48a17af4e9

SHA256
59939090ce111932cbcbfdbf53a588463b23dee3efc76962c21ec27c3bd24633

SHA512
62c49eaf57e21f5e1d69a321b07ffd2df284c61a7801282bb5cb4fcdff47b5e6c9c40d61c6e7f8610eaa16a36c0552f5fac53d4b5f38b6010a528366c7ed18e2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
5d43ba77f4953e7b3a3796db933fe387

SHA1
bdad012a1d37a54fadc4888fdf2c2e646b9d2c25

SHA256
36869655cdf05ed38c097d635b56c967dfb280b837ce8094ead7cdcc2dc49ba8

SHA512
189b924ac67b70e53501034bfd4410fd09bf09060f74d59048fc558e47ef0c601d5a4f85fb833178992bdccf0139904b75565ea62c164ed85bd1eeefe13f9385

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
d911b6a30f6f574593ac8080c99654cb

SHA1
feae3e145a3c68a68fa899480822237f2678fa5a

SHA256
5f83154b48918d4caf252acc08b089857e2435b1d0950e8bf88105bbc8047edb

SHA512
93d5970ee548034bde57be958682a9cd0909abe0cca1d1b86754c56c4e7eb8ce93c94490250b3f0c201d9fdf6ecce5adb9675c1916adb8cb3f6e871b362e315a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
11eef21085ab7e1bb6847ae4629ec3b3

SHA1
cc2fbc50c62bce37c3aaa1125525b861261f7a82

SHA256
d71901d116abb6201f137741a42718ce26c8717f2bd5725ef6598afd904e754d

SHA512
6eb97b5027adf9fd005f0031a16473b33ba46f0fc35d1c8dc0d88b8a2c0085006c0df02e7234b7693d8d6a79007175d736879b7f99daf4fbfdb5c10b822b0e5e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
7c883fd7490f1634fb3e131d4c448d5d

SHA1
f2e80d17e2b1a856dd7b14172a2e47ff57ed431e

SHA256
ccc082680a4395e938797d98e47e56e898f99940028784e0d25e45818e239b11

SHA512
abfa0be55a505c95cefdbf4baaf11a0642f05bb982378c0698158b3d415f0ae82c73f2126e308f53056702989efa5bb680fb2e3ccdd8dfd77e8dc3f7dd0470b0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
df117ddb82950d153762bf7958981adf

SHA1
ce052fcaf801ea6bc149312cadbcc96e4e334bbc

SHA256
1a601cb1cab4511fc2b2d16a60493a566b315a4f57c26876f7def0faba5e5cfe

SHA512
2578237fcdb46f63d913e535f2363c8eb250035d7aa88fa5f98da7d953a0b60e542f8846cc675f47c0d132a94bd69f9c32f30fc6526b292db5af912ef3a24240

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
b48e62f3372798f691f75d5834105152

SHA1
c0be973a2b79dbc906f90f6c0bc3b8c984d082f1

SHA256
4efae0c39710220d16fd436a9079c4a1909ed837afa1d015d97f5391d86d60f0

SHA512
11f5e1c74973cddef707d93cf6f7c2a1a62d3ab00fb1fba304dd10f7980fd84b8d67e25cd6d3a019daa6b75b4c859f05c35b6eaa27981385036971ccf7b86fda

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
70ee514f7366d496b8bebbd9975e46a3

SHA1
ecbe8352af7f1ba4582265c2325d364513dc8cf4

SHA256
7a8440ca815bcca7a6cca70156c5704035cb3d6de2bcdd2a4ff2789cdd4294e2

SHA512
9577f152798f98dc227c772addbceae8ee9b523b04a838d624d9ce2bd875c935f32e582302b1a4d322724e2d8b64c2cd3fc240475dc02ef83a930df961c3dc8c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4d29087c380e9be612364e686b15efe3

SHA1
1bc486c9aaf9f01b55f30f66ca7675713b1bc916

SHA256
e83156d1046742a02937f6855f9553dbe0a94cf07d1c16aead2e2b5dc9b3d19f

SHA512
dbd4703ec9727ec00bf5a9e09dc2a4c267bdf9e749adba79361d39d1a53f92419aa0ddcbebc781fd9e819bfae1666c8a36b2a6b70ab8c2d7ab5bd19b1bdaf622

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
3e23529e46e2a33cb74082c5ca6693b8

SHA1
8024168a3965c9eb6fab17f27e410ad19f3e653e

SHA256
a534fafaf3cde3d94b9025eb475e6d42b5158642e0c4d28814239f1cb8fbb27f

SHA512
63329722c735e2b7e9bc66fb78e5b0aa18e94fadb7ee650a6cd52de07a2ab6c6b1af65f5379a6ec35ee8222c304e6fe2d3c7332cf0518dd5389acad640da5daf

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
1be3d0b3260d58a6b52d4b85db9e5754

SHA1
9e0d1d8a5e1067c6781ddc82715c5b88ec9733a1

SHA256
130a10847ada1555a7687360656bd78ac390cef73f4afc3e3df939756557e720

SHA512
d392c5c110396817d3b3203fb86a371d247aef15149ee2df3dc4ea5d19311a609bd56e8e3ff502a9aad7e62e26511b48bdaea2a72c280b97606eefd517ac945c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
22fb75f1f2deff125112a01d30cc806a

SHA1
6f05c67cb23a113c0f9bcea972f74bf4926b7936

SHA256
05158bd7837a9b7607335681b77aca7f9fe34395f73f78fe7e6cc425c42efff0

SHA512
32bc57cd13d73a5847d0eb63d2b1dc51084bfe4910a24e9d415c83138acc38d99b2344742a0403873e7c2717881973085b1c74da8f5b1f8fc109df3100cbed48

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
cc7ad39c98619121a9aa7f3b71a43a00

SHA1
6b867b1332732d1733ba020a757022ebfc754c18

SHA256
ef81dbf60ad3e6a86ffe57c50976a45906a8b797c8bc9eb0b62f2a60624b1b08

SHA512
3bb49ad69fb12f75a3d49f7e5c0739c7697c55287435c2495b84c2bae691d44e8144028436870f598b228b13a937da679396fd2f034dd6b0f03f63f2d90985bb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
387ca35fe5c0756e38a9f271832cb03e

SHA1
caf2587b3f9c4f768590ae5810147821afe6c86f

SHA256
4cce464894716e18e4cedc310e94fe2e3f9ae3e31f952f4d4b428b76ca2295df

SHA512
c19f7d4f434da128da1c40434ca4305a45e952daba1572c9430de4eed8a89a3707054b1dd7b83c9b17693730565fab9fc1ce1e710853773ec64e7cf771e3b378

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
255be0f5cceab6a4c1b99db6209fcd63

SHA1
a0116c1ed2e77337503edeac6e222fc06ac2d7c9

SHA256
40151e0d7273231aba1ff02bfb684e0ff4047ae64c8d12b94b2aa77aac5bd204

SHA512
9bbb5502775df04864d426a9a4fa06b17e1279cbb567628c939117f20cb243e7a877b77c27289fa5105c476505a7ec50f07518fabd96e5b9feda979b635351cf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
5KB

MD5
a04fb26e6d3c524731f18abdebf465d3

SHA1
47e827d9dd32f969d4589f2b2cd630a664d15a4a

SHA256
0b9b1766e0bafeefa4a46afc1cf5caf7eab5433945bbed3e51dc026407c63d47

SHA512
80ac85ec34acf90ff592e4790c28d5f00633f243f5a12eeb327e7fabee9751d143e9e2ff9f1732995d4974ea0be21e4fbdc9effed536d71c2e255dd3c38a83fa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
5KB

MD5
a03af886db9553cd0e5febb27e15cc30

SHA1
243030df0e225e2f870c6abe9a0582c437b16b90

SHA256
6ceef0e0e393fd8bebff7f2b9cb31f15070b5e84eb760c1aba5245ba3ed409cb

SHA512
d3f9341cd4ea3ac71bc7ea48029e5cdbe5ad63fb637e6f9bb1a35cfda93a201145f9df3f0054da631d5a10c919307a21e1b47166860acf4201f1eb9072af5c38

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
b8b4a34df031879206d68b7cf3f1d694

SHA1
4d18f12452e3260c4e29f558a643c58144226972

SHA256
b4f2f36457ff5661ed83002c3c42bfc8c09b742940f44467fb479e7919635df2

SHA512
191e6752be5dfe00dfba5577d09f606aacad5bf456dd25140083d789559ba56223553474a89928b1dcfbf7068ecc835c623a2e9d96cad2a78546ceee415473b6

Download Submit
memory/1640-14-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/1640-323-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/1640-237-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/1640-330-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3124-236-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3124-322-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3124-12-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3124-38-0x0000000005AD0000-0x0000000005AEB000-memory.dmp

Filesize
108KB

Download
memory/3124-10-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3124-329-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3124-41-0x0000000005AD0000-0x0000000005AEB000-memory.dmp

Filesize
108KB

Download
memory/3124-42-0x0000000005AD0000-0x0000000005AEB000-memory.dmp

Filesize
108KB

Download
memory/3124-337-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3124-341-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3124-349-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3540-331-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3540-260-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3540-327-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3788-234-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3788-235-0x0000000000A44000-0x0000000001B46000-memory.dmp

Filesize
17.0MB

Download
memory/3788-0-0x0000000000A44000-0x0000000001B46000-memory.dmp

Filesize
17.0MB

Download
memory/3788-4-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3788-321-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download
memory/3788-1-0x0000000000A40000-0x0000000002082000-memory.dmp

Filesize
22.3MB

Download