Resubmissions

27-01-2025 12:49

250127-p2nz3sznan 5

27-01-2025 12:46

250127-pz1wvsypev 5

Analysis

  • max time kernel
    1050s
  • max time network
    1051s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win11-20241007-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    27-01-2025 12:49

General

  • Target

    AnyDesk.exe

  • Size

    5.3MB

  • MD5

    0a269c555e15783351e02629502bf141

  • SHA1

    8fefa361e9b5bce4af0090093f51bcd02892b25d

  • SHA256

    fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca

  • SHA512

    b1784109f01d004f2f618e91695fc4ab9e64989cdedc39941cb1a4e7fed9032e096190269f3baefa590cc98552af5824d0f447a03213e4ae07cf55214758725a

  • SSDEEP

    98304:Uc9HTcGO0ImBimas54Ub5ixTStxZi/l9K0+zLVasSe4JnzMpm+Gq:UcpYGO0IOqs57bUwxG9CVaskJIYE

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 15 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3376
    • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
      "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2740
      • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
        3⤵
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2872
    • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
      "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2200
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004F0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4384
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1320

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\gcapi.dll

      Filesize

      128KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

      Filesize

      8KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

      Filesize

      39KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

      Filesize

      2KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

      Filesize

      2KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

      Filesize

      766B

    • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

      Filesize

      766B

    • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

      Filesize

      774B

    • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

      Filesize

      831B

    • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

      Filesize

      312B

    • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

      Filesize

      468B

    • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

      Filesize

      468B

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      2KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      2KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      2KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      2KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      2KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      1KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      2KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      2KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      2KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      2KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      2KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      6KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      5KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      6KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      6KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      6KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      5KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      5KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      6KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      6KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      6KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      1KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      1KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      7KB

    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

      Filesize

      1KB
