fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca

Resubmissions

27-01-2025 12:49

250127-p2nz3sznan 5

27-01-2025 12:46

250127-pz1wvsypev 5

Analysis

max time kernel
1050s
max time network
1051s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
27-01-2025 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.3MB
MD5

0a269c555e15783351e02629502bf141
SHA1

8fefa361e9b5bce4af0090093f51bcd02892b25d
SHA256

fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca
SHA512

b1784109f01d004f2f618e91695fc4ab9e64989cdedc39941cb1a4e7fed9032e096190269f3baefa590cc98552af5824d0f447a03213e4ae07cf55214758725a
SSDEEP

98304:Uc9HTcGO0ImBimas54Ub5ixTStxZi/l9K0+zLVasSe4JnzMpm+Gq:UcpYGO0IOqs57bUwxG9CVaskJIYE

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation	AnyDesk.exe

Drops file in System32 directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk.exe

Loads dropped DLL 2 IoCs

pid	Process
4720	AnyDesk.exe
3084	AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4720	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3084	AnyDesk.exe
3084	AnyDesk.exe
3084	AnyDesk.exe
3084	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3084	AnyDesk.exe
Token: 33	1876	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1876	AUDIODG.EXE
Token: 33	1448	AnyDesk.exe
Token: SeIncBasePriorityPrivilege	1448	AnyDesk.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
4720	AnyDesk.exe
4720	AnyDesk.exe
4720	AnyDesk.exe
4720	AnyDesk.exe
4720	AnyDesk.exe
4720	AnyDesk.exe
4720	AnyDesk.exe
4720	AnyDesk.exe
4720	AnyDesk.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
4720	AnyDesk.exe
4720	AnyDesk.exe
4720	AnyDesk.exe
4720	AnyDesk.exe
4720	AnyDesk.exe
4720	AnyDesk.exe
4720	AnyDesk.exe
4720	AnyDesk.exe
4720	AnyDesk.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5796	AnyDesk.exe
5796	AnyDesk.exe
1448	AnyDesk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 3084	1448	AnyDesk.exe	85
PID 1448 wrote to memory of 3084	1448	AnyDesk.exe	85
PID 1448 wrote to memory of 3084	1448	AnyDesk.exe	85
PID 1448 wrote to memory of 4720	1448	AnyDesk.exe	86
PID 1448 wrote to memory of 4720	1448	AnyDesk.exe	86
PID 1448 wrote to memory of 4720	1448	AnyDesk.exe	86

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3084
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5796
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4720

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x488 0x4c0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
10KB

MD5
b301bf9ab971caea310d556b7bb342c2

SHA1
c7de56f9c99f01e33df87e117fb6bc0cf3aeee01

SHA256
931a26e4749f0217959ba6d12cc76ebcb120ae2dd3b6ec558a53e0ef3e9342a7

SHA512
655248beb45bf4734d88acddbe3e31fa0683c36d827bc7feb286aa81ad042633eb1a14417eefa981ae14b836f71ac45dcd3c9c6820f662a3770ebf8fc7b539f8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
39KB

MD5
f63f2f03d32a65d37edd98ee6fd4a124

SHA1
aa7bac116b801f6fea0480643d20e1b583f28439

SHA256
8db6e281411a0e83ded3553a393fec83b38f7e15cfb8e5e3805e69e7b4dab3ef

SHA512
bcdb2b237721239c87fa12d876175960c1aee4a4ebaaed8bdb06f8e5ce44877ab22754cea77aa15e7d08e782bb9a73decceebfba6f4cd6d90d20b3a38d98f344

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
22b4997f7fa790e13fc16cecbe0ce836

SHA1
317fa74824d80a883e5c707a5ef50614ad955e1d

SHA256
5627b15309b607d098ded589a2f2c351a2109f5c7db38b839f3d6682cc33363d

SHA512
a4ada1e0e0ddf1e98c5acb11051788805d2653d729664ec8fe0a7e9c4d116b0eeed2167b4f73be859107f23e564461313f4fbf1d679cdaef585bf28a822c3606

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
93d96729c194f5e487f545e5eff53869

SHA1
1771f85691510002e88359a1e3c65d83a8f387be

SHA256
29c16d4135f45e684df0da20a14f324b7045ce5813758e16c392f27477d7014e

SHA512
b5ef4e9e27d97ca83cf5d09221664f7a84f8cb24d98c91c818feccf2cb2878bbd270344e7adb538c1091de8de70f211990bfa004455cfc2e84d391b5f0b26610

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
766B

MD5
300b598c1deae73e8e1e2f6cdf66b4b0

SHA1
ca025ffce562f768cefec18fbaf6514bdfd8e37c

SHA256
b0ba7af65060452c190e1843039f655ba46d8e5384100ff3bfc6f5c20bb73054

SHA512
5c86ff88c905be7daee189d13ad3fb8821938ca2d286c1ab01cf46d197f1888fc28517cc01df2397da396dc92d21b854e816a049a2f2bdda51cb3c7868d241e8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
823B

MD5
113822444d4b9348f494ba03526be4d3

SHA1
520ce91f23c51d7b34c3b29299a74d25af815d40

SHA256
4e983c9f3ccf3aefda5e25effeda9173fca2f5ca1abf751223794b5e83513796

SHA512
86170a3202c66d261e8978cf285a658f11e9465980634aa0eeabe0ca8ab7b1d4786480c3db7414e4bc7638ad082d149f1757b99dabdb25603605364a25fb3187

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
832B

MD5
8c54ea9b6de340faa0c673002dd55e83

SHA1
764835a60d5e1b603e91f687003d4cfd013d0198

SHA256
c6a4ce3c7814c1c62d6db18976df77db3aadd6a48f42cde51cec7bbde41ad687

SHA512
1f19db9dba99a5b72f58ee391d413e538f196cbd827f242da89b4f965072c11c9ec382a03c716cf13a0e566858a4369fa59b83320195290adafecbef39e8857c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
bf1b6aaeba54d7849bec6e74a7fee592

SHA1
5356f9d5291dbf8cd127943acd2e0e5aa122b7c2

SHA256
91dacb1fd268974f3502f1347dd27d0b5e5d159d8c82580131b50564739ed84c

SHA512
2f89e35e7e8bf789414bce0ed18ec59486720e4b21bba8262278acdf07ce6d40905c0589b7c28bdcaf10afe6e49e7fa3ed3ddf4f95a703a8ceb88d337435e036

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
ad8aa46702fe40147a5031dce301b0bd

SHA1
d3908d699cbd3c6fd1a069ff8cc3230c3219f7f3

SHA256
aa3c4ae700caa08d63a0a1d7eabb1c3006dc9a035a82672b2853fad75eba963e

SHA512
b0d998c024201a091650d118f9fb3cb9b0b2800896d7a50f49135a0b1160f60b44c20d39a00189c99d51617c5b397f4009d623fb40b8ede82e32242740ac67e9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
7fd98871c9e64f50f65dc42472b8dd32

SHA1
3a44eb49d05bbfec7e9c2e7c50674a0b4136cd15

SHA256
6723664f14ca19f3fa0ed546ecb586691150404322aaf3d1ad2986ca49576d4e

SHA512
5df1f7cfb55fa3457ba0ed0405d27b0c2ecf8dd58c3bf953810ed0a9dab2d4f499778f8c1a23d02df027be799b596390438bfa326f34182eaeec018e52ff264e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
2875107527b28ed367230eed26699426

SHA1
2dbb921ca87d18ea9e3e464ab7eb64624a270c1d

SHA256
33cf315838127d62e251f271ce8284a668c1770c1f0aee61cd730ec861ee91aa

SHA512
01957da14ec2490032fb9f63773ed761e631da1756f22978eb5797e16b43129c65de3e8aac15477a8d706785c952d5209a666dd48f88a4749e833379dfee8c59

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
684fd2ed835a65f6c3a9f0d72be20073

SHA1
f0d041e603850e86d5a40fd8f298f47858064cf7

SHA256
6eafaa7171fc929d8db1bdde704fde92992a36b0f5fdd6760477701b521c6770

SHA512
c1a8075924051422d58989eddfb24622f2e936ed65ac22533aaa9c514925b0667ba0c14a4f07b36499b7125c4517e12c26237bfc008e9aa5c543df56eee68147

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
3216e38662a3ded17cd19ac84fd047c7

SHA1
076e27456f2a58394ec684cf8b6437749be5d14f

SHA256
a362027d36a552d7e69111b8366cde146d66290e69051f3013780cbd471058ef

SHA512
49eb4283bae69cb978c8af7ab190e259256d2979b747d0c388aa41fcc33b1f221eefda6e4e1102d9e5b00fb132034d617322596bb7aba9d83b59cb55475d2666

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
8d7309c67d6c770b072b51a175834d22

SHA1
498bd95b9122a759f8d1ce0746fbf2ac6defc827

SHA256
ec27d753a4c9d7ffcbf77f99b082b5873f6e34bd3a2995bab018cb389a8ec7d2

SHA512
982a191d076a096e1d2cf70ebaf890d5e5fda86240a54b0b39d6038f9ca8ff2bf5a88f0b8e6220134d181b07add0c0cfb41b61ffb7d6a2e5a200f5a99a65a31e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
16cfcb7f4cf28455b62be08c20fbabc6

SHA1
7d76d6176862b6ac4764fb7d52d77564b0b557fe

SHA256
98acbd186f3ee37702328a121b37a0dd29316b2ec99338e16718b123dcda330b

SHA512
c28ddac6b2656d1888730c453009b80138b4e117cf23ece7852d30b7687118cbcace0941c8f9c5a8fd899a3deab1d4fa4243455e7dbf21571d70e998d8ca7ce9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
410bb54fa9c00461b618a877ddf50e22

SHA1
f2e4e224ca2c15798e1028f83104790fdb28dccf

SHA256
a1d692f0219c67c5de35aa748f4de4976db2bd720e1d9ff4d4da6efef7e521e4

SHA512
76d77c836eed454cd76c8b8cd63c5c32ad065ec1618ada3e9eeb7061365b9664dd2b7143a3bbb040f46f1ad990599f072d808af58448e3b80cd948b66b9fa50b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
49f28710779b568a6022f489c673613a

SHA1
3fa22a9b2c10363774c1d1dfa49cadabb1f3b02d

SHA256
9056935af91aa50990d79d12ee3c01a7cbb7211ecdd0400be7e25c143fb64a6b

SHA512
fcb95f4fea997b4e1fd7728f74e4099d47dd2a3c85a9c3ba1dedf53818adaa2a0f9a71a1d61de7fb46ccd71bc760920b0b4f93916435550598317c8634d87341

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
18fc8dec8486fedd459f1e110c7ca48f

SHA1
10357c171ac81dbd1d586e10d2f06c1069f7c6eb

SHA256
8044a2ec7ef8ac4f0b3709ee638c764f3fbac80917e4cad5762b22cca00e4ce1

SHA512
46d137856ae2a873d7a4a7ea5d5eb38c3d8e4c925de8652f73bd51eb2b2a6d9e7157bf3e1d31d75e9b89eca64d9952dbf3be8a222a1320a1a7bdad23a8320c02

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
6168b6b09776c8ea525918ad005aa697

SHA1
2e3ca6f244b743f0a8ad87a1e62e367c74207d26

SHA256
8df9beda52d0de048a7780c12c297b7341ebd83e435610bdfdca2951c36ae0fb

SHA512
406a3f86c5f77468c00b308457d7cacc918344aeb8cdae226409af7bbecabb28b51a8d29f4e6746caa3eec83c7d6d9c548622077ee9e532a0d48237adf93078d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
b10079d11bf696c80de875dc9000f499

SHA1
6707d0581c169ef88382e20693db22ecc0626d11

SHA256
b81c26359edf704b33de6865e1896ca2922c4643eaf98c11e2cf14a8cbbfdaaa

SHA512
1d91c0e01bcfb60ce5f6676c239216f15d8759589150ddcb953f11be414cd2a5e9de8a19a42e45e8f1de7223119c8b8f7b0fc72d67ae82b24f5ff09d6d3fbd08

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
00e3bdd100a90673ef293b891ea4a22c

SHA1
3c5ea3f2deb5150eebb91c44000483903f45d7b2

SHA256
1c18f81f23a9032f272a30f00bda3a06d54c1e3a021f080e0b8a8be0b6e4b594

SHA512
aac55ebdc7d65a4c8d54594049bc4ad898d5878281ca55ac19fd20da0b4a6011ed87a1620ad0bb922b0c4ecd3765f08d14504e0141d44ee2f1998f95d31862f8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
f7c1ecd9c4b722e7760ce7d1d9c1f85f

SHA1
3339b178e3c8a0fe8f6be233c03732bfaa0f1c04

SHA256
a9534e8fb53271889ec50b78e79f6f0ebd15c22a06a86a1a05b6d2c96c72263f

SHA512
3dfd6490bd2b005385fe33b82e6f4fa02c241187bf4ee7d79615d6099fb2e14523af3773a03688cd49a697ac8a7d6c99718acea9eb1841aa2a524c7313cad7e6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
ca9113062e874d9a9296d0b39d952dbe

SHA1
da9d0d2ac66ac0340d87bedebcc7e77b37398127

SHA256
43aa76a2fa12fbbdfe7a491d81c951ee5bb0997fe8432009a720edc22c551449

SHA512
599d977a4695315e6d33853296ef648247319f23a46dee2351d69e5ca407b31362636b5052dfd9be48aef5172bbd43469052cb50c183711b2e5b8ebd12138815

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
de35ed42b229a8420f8daf0dfe841911

SHA1
67a07b9c11e8ff6fdd2d7f38d41404169485becc

SHA256
86b4e1604e345fd6e0e9f59083ecc2ccdd5cd876799008c3d1f466f0dc91b632

SHA512
097658fe7a064a54855f5ea4ccf36f52a433d0c05d8b29006d22c0cd85f82146f4de2c1a04a7bc8fe71461f2243c69d825c4324adcdcb51ed438da3f9b048646

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
a4dfad3056a5fb0d384d4c47036f8c33

SHA1
3f02e253af1daace828da1bd45c7ca0f59319ad9

SHA256
78d3e88efafee629c43f163eafabce45a956ddaa8424eeba6582511b63685eb7

SHA512
17e8efc3eb6033dcbff13896f9e5531c1aacddd3befe7f8ecda124ee6c387504bc499d26a928bbaca6ba411ca2e50ea85c9a552df08ece34010195848f6a3f65

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
892a183573b644b894e3debeda8f4c90

SHA1
8b0dcabd04a71122fed9ffe54be3dcf338159099

SHA256
a24da9b3b504d1c3d757849fa158e8f095e9f36ee45590298a377773c536206f

SHA512
9894b61bf70246e429973f680b2c12e360fed2e7f3de1c339ae5c38feb22d57cb3abd46a3c502b352c023dcc3533b29f57c11c716a821073ca0e54b65d166f85

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6b49792349a857964fa53b9e44dfad8e

SHA1
c9a3670c102bea7d3cc3e427471d967db9204df8

SHA256
f0bbc1b37f487fb12d542e2abcc021fa118818c2c7d55b4a997ff1a29235f840

SHA512
f062c5c58fbd0a3604747b23d939ddb66e700f336f3f99095dc07fa88e5e39a3d1320a032095898681fa0d6ba31d54a0ea0c1f46306e39bb4ecfb2111fbb85b8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5b8670b1a7d6190f9ef9649723ecee16

SHA1
d4eda10e83434f310fd92b1e1e5620799810a21e

SHA256
3ed3dd164e7b4be52edeba86fc23b80d97cbb3929253964c14be9f0856fcce4c

SHA512
1285f674e5506e452b156ca1d3f984b69ba883fa379b5e0f872fdf3a1c85e46b73c74cd8375e557e02dae9cc8bc4049e5388d3a03776e29ac7db435f7f6ef0c8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0adc172520941f4c6f44c457a7c8e1e3

SHA1
3542020d74c68cf8e99a40087016c8a09c21adb2

SHA256
af8685918af5daa587f2f806009bc0df94287b61a7616853cf3386a9f02e8901

SHA512
730b182340238a54774352d63723c4f8de1dd0b2f540063da2e22324711582e757db47e1e979a69ec308d81b11bbd5bd0faeb6c97a6b83385f8784eb766561a4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
7d232306b36f5c876d52472ac3bf00df

SHA1
4c389209543a9cb0890b4545b32f8f689db88a4f

SHA256
fdf1b34899a6e12ea8f1213d52b8cf554adc442b20c938e70b5348c6e66e1121

SHA512
68bd9eba25e93d9ee7f30caf5ca54af19c6b9c306c232867107f583beb3924ad5e6c99ba0e4ad5051209304cb6888b43d16355d0d0752b2454446500320d0c08

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
4db3b3248047bb0e5c4b8d051aaf7056

SHA1
c53120cb9a77cd95cfc6a167539a706f750ea126

SHA256
d47c59e686803204ce09e6464c11067bdc7a4f66efe38b03eaaa4d93b856c4bc

SHA512
7d719ebe48143d1f4caec9bf4cb1f3116f95e4b91970ab9e6055944697951bed6eff0d42ad104ec12bb19696d4bbaa96742fbc800281e2603f00d9cc3b8e644a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
5KB

MD5
d3860ca66174a8da119ac548c6c67317

SHA1
2031fad163935afc341234df0835173a821b3f48

SHA256
fd333419c47164e4e88ac25d808001f5d3baefcdaad737b91d35760d70d0147e

SHA512
c723c68359917937898e42afe39dcbb7742450b60e0d6b7c5b4dccbc77ae507cc5bea979feaf6987d9aa4982434a5d532a1dce7dcdcd483f86c872304c7ba1a1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
5KB

MD5
48c4dfe5e2b3d376472e08f2cc244e79

SHA1
386636d4bcbc5eaf012f1baedd7f8b49c5f61723

SHA256
6958872a932606f92359d72c142b3d5912e97971db005d72cc27a2d8b8d5d473

SHA512
d901e8d2024abe75509afaaa086073007a119d71f34d246137a9b1baea2d825b5fcb4b43928be8bf75ac458b03bfb04790e07a40c160b8896a62f862065aba10

Download Submit
memory/1448-220-0x0000000000604000-0x0000000001706000-memory.dmp

Filesize
17.0MB

Download
memory/1448-0-0x0000000000600000-0x0000000001C42000-memory.dmp

Filesize
22.3MB

Download
memory/1448-222-0x0000000000600000-0x0000000001C42000-memory.dmp

Filesize
22.3MB

Download
memory/1448-5-0x0000000000600000-0x0000000001C42000-memory.dmp

Filesize
22.3MB

Download
memory/1448-1-0x0000000000604000-0x0000000001706000-memory.dmp

Filesize
17.0MB

Download
memory/3084-223-0x0000000000600000-0x0000000001C42000-memory.dmp

Filesize
22.3MB

Download
memory/3084-12-0x0000000000600000-0x0000000001C42000-memory.dmp

Filesize
22.3MB

Download
memory/3084-43-0x00000000060C0000-0x00000000060DB000-memory.dmp

Filesize
108KB

Download
memory/3084-39-0x00000000060C0000-0x00000000060DB000-memory.dmp

Filesize
108KB

Download
memory/3084-42-0x00000000060C0000-0x00000000060DB000-memory.dmp

Filesize
108KB

Download
memory/4720-225-0x0000000000600000-0x0000000001C42000-memory.dmp

Filesize
22.3MB

Download
memory/4720-10-0x0000000000600000-0x0000000001C42000-memory.dmp

Filesize
22.3MB

Download
memory/4720-14-0x0000000000600000-0x0000000001C42000-memory.dmp

Filesize
22.3MB

Download