fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca

Analysis

max time kernel
560s
max time network
562s
platform
windows11-21h2_x64
resource
win11-20241007-de
resource tags

arch:x64arch:x86image:win11-20241007-delocale:de-deos:windows11-21h2-x64systemwindows
submitted
30-01-2025 16:40

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.3MB
MD5

0a269c555e15783351e02629502bf141
SHA1

8fefa361e9b5bce4af0090093f51bcd02892b25d
SHA256

fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca
SHA512

b1784109f01d004f2f618e91695fc4ab9e64989cdedc39941cb1a4e7fed9032e096190269f3baefa590cc98552af5824d0f447a03213e4ae07cf55214758725a
SSDEEP

98304:Uc9HTcGO0ImBimas54Ub5ixTStxZi/l9K0+zLVasSe4JnzMpm+Gq:UcpYGO0IOqs57bUwxG9CVaskJIYE

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 17 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk.exe

Loads dropped DLL 2 IoCs

pid	Process
2316	AnyDesk.exe
2080	AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "179"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2316	AnyDesk.exe
2316	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2080	AnyDesk.exe
2080	AnyDesk.exe
2080	AnyDesk.exe
2080	AnyDesk.exe
2080	AnyDesk.exe
2080	AnyDesk.exe
2080	AnyDesk.exe
2080	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2080	AnyDesk.exe
Token: 33	2752	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2752	AUDIODG.EXE
Token: SeDebugPrivilege	2080	AnyDesk.exe

Suspicious use of FindShellTrayWindow 15 IoCs

pid	Process
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe
2316	AnyDesk.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
960	AnyDesk.exe
960	AnyDesk.exe
1680	AnyDesk.exe
1680	AnyDesk.exe
3012	LogonUI.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 2080	3664	AnyDesk.exe	77
PID 3664 wrote to memory of 2080	3664	AnyDesk.exe	77
PID 3664 wrote to memory of 2080	3664	AnyDesk.exe	77
PID 3664 wrote to memory of 2316	3664	AnyDesk.exe	78
PID 3664 wrote to memory of 2316	3664	AnyDesk.exe	78
PID 3664 wrote to memory of 2316	3664	AnyDesk.exe	78

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2080
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:960
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1680
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2316

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2752

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a03855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
f3236955d4ab0ffa1c582f4f749a3f7b

SHA1
6fba5573078178bcc5bee99cb76be71c266122f6

SHA256
06e152bd03c1af25472708bbca31f4e440df8a7c509dc3eb6096b54b8390ebe1

SHA512
ef450cfa53fb83cceaa8b9c8c5fa3d79690a06056e5879c2ed63c77a477960dac56f06e503e3969a9c02f33c7a227332cff8621a68bd31fe39c439c18294aaba

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
43KB

MD5
b1b0e3f579d20c3fb7d0c3d08255c89e

SHA1
9761df2d22ec1a0974059bbe0c5290dd5bcf8ab3

SHA256
49218cc5db03a8f47f0013eed1e9b390e1fdbcc5323e16950bd944816974d0f9

SHA512
80499842ebfccb8084715a46912a96be0679e03582356ef25f0a214fac00b7f23b46c559bf165cf22384061ab88c2fe06f79cb35cf4972ab8062469caa28922b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
88KB

MD5
0bc18bfd6f6b93f06d8355517e496f91

SHA1
64dead12dc4cefd19f8e9137119a1493c32d77ee

SHA256
07a596074ef25c653fe34305079869caac9c9a628ee9bd4c9ba5457cc8dcd6e8

SHA512
c9cabdd11f0ae6ead70f94cc128173e2d956c28ee30334378af2d365d13d46f73aba6901498790312a79b44785b1c3175bd85d2b7620c7cc825d155bdbf2d723

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
5b4744031100648434cd51f09f30ceb6

SHA1
5d2860b6983ecf4c16200f0e63e16331d0556e5e

SHA256
33b81205b9ed64d1f4b2a3c6f76808ca87a44f4c7be5ff55ae6ecdd645574833

SHA512
3b553885a8a708bf03090dd3777c53751384c01df6e680e6ce269b68ad4bb0149002f8d09dc8b6f6ba137c8df4dc42dd53d5121f71461591abc90abf93d12b94

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
92bd757e5c4942809da19d8666e4c385

SHA1
ce8ece8f3170fe4ce86f992b35e462294848ccf5

SHA256
ac5fd2ceaeb51ba30d126117113d91b61257fd492039e5f38d3ac65214f0c663

SHA512
265f8dff31fa992af750b1ce8a4f42d4a8b64c6d24204396db401c2893110d4bb325486c51d14a2fb253977869f61950b0f810c6c8baf3e87897dfd0466a4755

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
64335928c43b8e05ff2b644a8154bebc

SHA1
7f40cdb01c66b69208988cd6559b51a7ac096c06

SHA256
a76e246745d252de0efcf6fd0c2e26ed72a99fa83eaa552480c5e4144b74264e

SHA512
5042647899412bd5f17e5f205b921beabe5abab0a161fe95810cab023b24a8c173a8d516bf96bb23d6aaac7d0afa398577bd19feb9f02e7d044fecf001880aa8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
745B

MD5
071c2bb3128dbd4b8d28c0d7a2360865

SHA1
82ad6fcfc6a6bb49970de4b2661d2c932e2403e5

SHA256
2338a11242a4c386adb217792ae30fc1c2867a945a6ec8d2ef07d848fab4820e

SHA512
0ba0d49b1edea0c72e835e625a1a01deb4c17270c1290d1c28f48dd534101aa39110eb522c107f89d8bf24bfe55cd6f2e95b04eec8617fa92415a7d6870e9c1e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
766B

MD5
4bbd6da71273c179745d1f45cc0ab179

SHA1
cfe59a7ee9cf933d258243e5bc0fa479a67ddc69

SHA256
c7c08152410b7e030dace96b112f3fcf6db59766f5e1043879dbef0969a93fb7

SHA512
b3516d70c94d9461bbc62608c0844f86c6bfe6bcebb9543f748afc7ff6f94ce0a430e0005ab40475225ac95c678e3211b6ed083a2d2739f9eea0148e219470ca

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
823B

MD5
454da1175fc6be91e79d1ac7040f4877

SHA1
12fd29fea55ee82fcc6ec28d87d48d912c37a775

SHA256
b1e7753ce31e1ac916aefc4850322380bf720eac63e63559b8ad7f68eee6ef78

SHA512
bc432ba4ac23850623fc74b49818d73d68ecedc2efadeacb7581e52a0cfeb4e0d5afe3264efdff0f0012f35f8806c9646a1fbf77d71ddaca18a368dd35e11b1e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
831B

MD5
4fe9fa050a57de48b251d4150675c5f6

SHA1
b543724fa49fe474fe73bcf8b5c4e918a7424002

SHA256
e59847734f0a0c4a581db7899a91bada2cd7753273ee80226e9d021c14bae5ab

SHA512
01ac42c76c8d3cf91bff958a4af090d168f78154ea435a07912700b39ec52a9d92b17c745714fd410641bf95d31c6495335e7ea03c325f02e541e86a99ccde64

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
75f2168543c04629fdd3b5880f0e66db

SHA1
b9c826d788fcdb8825c6b7acfd67a67b5b240a9d

SHA256
84be58260e9ebd68a43d6c35c63e165b2934f68265c1b1cbbce5f64b853a83e5

SHA512
9569745ec791b6630d255f8b4396b0c6d3e5fa97da8ea62df93ceedd74022ad8cccce10067d6c6494389b2ad068a8f3a54d5a7adbf2b6e73306546f1618ab772

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
682129ade9af1e1be7e7069b34f7cd93

SHA1
3f15ac3f899b25a46329a5558d6f77b958db39b7

SHA256
9c15cbff5aae813beb178a1522094e09d6760d50b856f555d536d1718914699f

SHA512
4214af58c3c81b026b1cddfb9a63bb2e8a668f34f8983fb8a01c4c66f8a63695b1819e08d722819ad6dd404d16a144c625bf7165bd02cfc51da8bfe012f8bf83

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
4cd9ad0f5e3c7707731de6c826f5de86

SHA1
cd4279cacc11a1a096f872d454eb7624db770e9f

SHA256
c3ee81ce54b1bcf6213a8a7c0c1755dde405e1b73937bc513ab1c9bca8fbabf0

SHA512
1766331ffc6053327e5697b3ab4261068f3a937648a90f53d4f8c187b685669dd096d8562bee2122b40d52d49f7b88c6506e4bc44159b0bb4b5c62e9c7dd099f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
9a6df916ad55a7b790f3904408f2fe52

SHA1
8e6625f37a38770a1e272d8ff78738759999a359

SHA256
94554a66f82165ffed21b1222fa66fdc86d747df106bcfad5d7c42396c5a6cc2

SHA512
173e7d32675eb0bbde0207ecdaf5e0954dfc28ab18e53f02ad3b775fd5cad8bf990bbc98bdd60e97c87bb230de3e4605b852f2f227b3c4967c51a99b59ad280e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
a2deca754a0ef4ddd1b1c01cbeb65b8c

SHA1
c899dfa4a744d3106fe25e761a1e03781d6e09fa

SHA256
2298d9e419b23399da19c4a069ff078ffecef474029006ecc33c48aba7506579

SHA512
46fe4699f05171ff1faf35bc66848f38dd9b6fc3177c4c9913d9ae38dfc8c054113ab0a55ae58a026f81ccbc4ff5a4a1d601693617d981f9541bafd1e24377a3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0a31a1e1e21392f7b844f53cbad39a58

SHA1
04ca7ab4ccdb9af94dd5ed7ba2fdc80fbb7901c4

SHA256
65ea56a4b66c11e2fbeb503c46f5544dfdfb83da367e2b95fefaaccd640afc19

SHA512
d07addd64351efa43668195a821f8a9d357716bde5cc511a4754b0be7b10bc3713b3d4f590264f9ae21d63bd6e93f2984efda9dc5754440be439c67fd72ffbde

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
d7876ad38f21fe1c35a6e47e7453548b

SHA1
580be98f3af3ca84a48002c8eedcb42560ef63e7

SHA256
77d38bc98aae9aaccf2e278afe10ccdfcac2df294a0361a851a148c3e81c5c40

SHA512
8e336aed336cd67fa1fefd987177a8ea666defb8cbad164da293d54a1fd826a8a055e8fa7af181e0b48a166ed580299073f20fd28920b2cd0881aef12ed62bb8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
a7dc69bb2a314fdea20eac6fc127e91d

SHA1
3aa112fb1d668867f769d8b257c2925973c397bb

SHA256
7e3792a742aa40f8c84cb3cb39c37266638c1b76013e9899c3f3152777eb9a06

SHA512
db415aa85875ebc908cf1315dfcd99dcfcfa04e095109867831db0d88ba7330a74433f3be57e2eedff76f248af8b322bfea53496c3b60143d8f0033f70139378

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
eec626543275c9cd5b36ed65a50e868e

SHA1
7d44a958ab88fbb2e06d130ee599d6d0a743c120

SHA256
8b085111b77eff1affc169ea26d8dd4bfdda9e857a4d36c0bffc8c673cc09441

SHA512
5e47893601815326c8a914dc2539901689322b701612e1627d3d27b0ec134f688370a9c4ef9c0bf413572c2c9daad18e378b791fd5e4ce8eb78bc8a26f8feec4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
f86189180c3f11be7efbb8d088cb394d

SHA1
48cff4df6706df9d3864e4af8670dfbd79d98cbf

SHA256
c72072aed8e1c084b79e458708fa12b62f872c61b7956410616fb4bf36ff8d16

SHA512
4a098322eb0b63ef4f531572347e89bbf788c17bc8a2999fe1b01d7b85c2f42a81a952ec15de0eba91785cc96459e3e5ca882c99a86e1639ac29fa7278591534

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
1e048e69b49883fd7d0776e50b43abe7

SHA1
a6880c69585b57a7d575db8687ea6b686de5b2c1

SHA256
cb36732f56673cb08bf0fe762a0992fef99e273ff424ba9a4e9d8825c83f8b31

SHA512
a4c466e4e16502e672f4e966431c8601eed855dfddee4f43a3e540319b985dcfa957cbf891ab36f99592a8074c93a0d2518e11ce398d6349d0c723d7f49c839e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
acf59e0fd3a34d198209aa425b71b2a9

SHA1
94e046471eab011858e01d9421e4ef425dfb4835

SHA256
5ed917bdd5f5358f438fae2c7467d44542e1fd1fc4c8a6da038632c1a7b5c8d6

SHA512
3297643b2e8a762721f2b1685093686adc616571fbd0a1ddcfded3894fab62adc32e400c0cd204c17183044a7d0c85afd7fdc8d0d9b663f7d217a45895b7f8a7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
917b8d32492068a54f6704147811bec0

SHA1
6c641439fa01d93c2d793cfd19c59335a283a58a

SHA256
ab98edfa527422684f67f149f387dfe9f656389cfad514f6c704c32b4c028392

SHA512
fe4086c9ae6543f02269402cbbc257ac6fe2f82ca7f211a4978af787509ae396c16cba17519bb6cffca3e6ec6c64529ee90aa0385aada8969e61dd2f77ef34f2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
daf144e6b8f9060e6ff24bdd16e30304

SHA1
94556f1426a63655bc38f44d34621b9734446313

SHA256
b79db740e4f2cb7520c942f1e542191c8e973b37e9bbe221f3cf1b95c4ad4931

SHA512
ffa8100e0f02e041727e23913ac583d97186490887fb9353605d4f578862ae10e4aa2791824dbffc4d9b9b398789cda032c566b1ee4ae6557b056c224750006e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
c4760b89821ae28fc32dc8472f5b5dba

SHA1
b6292bbd6ce69b63fe574df803692e320a07f5d0

SHA256
e1e3a5270d223ad0d5b2346055935b6949faf2149997fee5c68b128c3b3514e6

SHA512
01bc90b9745d09e265c0d75826e4241e8a690dd698c3242cf0afc91559fe979994a19c82d0811e8238bbc719d4f0e7a775385b9a9fefc19f99bd12965aae2e2b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
adf8a3072136a05792397229148cfb84

SHA1
1c3a871babb2c090b57d083092776a0cf791e254

SHA256
3e1c052a1eb7c397a4a6157e7b10e982de24fd38a181c31641c1c171658ecdb7

SHA512
560f4536e126df1bbeeefb341772dead6c9946579022e365465079860da54bd1551c132e385d1e37109a8d2c852df28a770090cdb5baee2f2cb55fa29cce0379

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
def7557f70ba6aab95611a45fe352bdb

SHA1
18dbc2889475de12c32f6e96f1a5fddc4d7af1ca

SHA256
2c754e2d34a345cb3479e97220786c0e3630103f52f3930b82a047b581aeaf90

SHA512
99c92a8defb14773eaa8890a7f35d1c8be992278c7e68029f5bf271d261cb7a42813005f8648d6411da192b818b4605ec12e65355ad673b5883abf721040c178

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
4cc7d08b9b47fa18f0e27f9ec032bba1

SHA1
a49e39774ee9c7346153f4d0299f7befb6b74ce9

SHA256
43dfe864db4752919c66a9d85ebc367dba301efe4f92bba02569b73ad233efd1

SHA512
936df7b7b907eada8e6cbe38fd0d75e6707be757d671d23bae17a2c905f65270b7afd3872ea4c8318c40ef1fbfd326a9c8ee184f84653b2222ff48ee562acad6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
907a8b9e42a1f770de89373a3e4b7781

SHA1
4364ab338ce58b1d44d929c3db99048192d50935

SHA256
360c5bd5d870c727e9c856bc7e7af2c74b80482792e0c24856fa442b5ac4c24c

SHA512
82987fe1fe92ac910a9aec13ab2f67485eab3c70fea5e5bf87a682c714398538fd60ee5872bd7f7c7a8e88ae1d40d2824af046e3a2bd1f79eb1c0ffd2e088ef3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ebb86e6f5b86496328442c600fd133ad

SHA1
e5ed8941927f3cedbf8fe6944443f16fd8278e12

SHA256
589076a67899e6df70b079ad0eafb27127667aef749a774d6ab11c2885494f02

SHA512
afea49eec6ebe9c869a85711ab6f9e250308584b334aac3a0bf373802d970f8c9122af9782d0b0100647415e91f3f16c571e370b36e7bf212c4f4d60f5bea16f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
7b5b7ab28dafb06c3bd0ed08e6601df5

SHA1
b55914c98b6d4794f4194104c42e23e89e0f6ca3

SHA256
9b779c33298908a84cef30282ad3d5bb639b20b7a03728e2f3473a42cf985fd6

SHA512
e7990cca12677e07befbd8afaac421e16be8e603c5f84496153041ba7362d5c870a461c144100965a0e450887cbb4e4adc51ae9ae76aa98b2693172303540dfc

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

Filesize
1024KB

MD5
c0a8d8fb18ba3599470ac07e9d4c21da

SHA1
2f2224b6cc6a91d2fa459341bcc56939d9aaa964

SHA256
9c779ba622e829246d42aad03d6d5eeb4763d87669009d4910b2a0bb75f1abe4

SHA512
81d1d7b3d1b8faa18d1e735c2ddce71141bab23862bef1649dda90b6d67afc705306a13b352b578f1a30b22522a60524c3382b9a86503c981b6f58c88050388b

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
14bda2f1ac3ff6639c3c240fbfca881a

SHA1
5850f40a49e51fccfd4c45fc251b6e76d1d91d44

SHA256
13530fe3ccbf7c3e7e3f57932e2d86174041250362f350f87f9ebcc1a8a16eeb

SHA512
f2ccbb9706ae08e591c2dbd21c5c5bd289ca3772be1dc7bf970bac6fc31dd5aa283d66425cd1ce04d01a80ac9f50e1315f0700878fd35387bc97dd791c9b7993

Download Submit
memory/960-321-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/960-329-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/960-325-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/960-252-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/2080-322-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/2080-256-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/2080-11-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/2080-42-0x0000000005910000-0x000000000592B000-memory.dmp

Filesize
108KB

Download
memory/2080-39-0x0000000005910000-0x000000000592B000-memory.dmp

Filesize
108KB

Download
memory/2080-326-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/2080-209-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/2080-43-0x0000000005910000-0x000000000592B000-memory.dmp

Filesize
108KB

Download
memory/2316-323-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/2316-14-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/2316-620-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/2316-10-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/2316-257-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/2316-210-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/3664-237-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/3664-243-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/3664-251-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/3664-0-0x0000000000694000-0x0000000001796000-memory.dmp

Filesize
17.0MB

Download
memory/3664-211-0x0000000000694000-0x0000000001796000-memory.dmp

Filesize
17.0MB

Download
memory/3664-208-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/3664-9-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/3664-1-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/3664-613-0x0000000000694000-0x0000000001796000-memory.dmp

Filesize
17.0MB

Download
memory/3664-618-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download
memory/3664-320-0x0000000000690000-0x0000000001CD2000-memory.dmp

Filesize
22.3MB

Download