29d11eff3ff64a53d41f94760f5170b4b176df6d2b7e276d5145c8e3bdaff2ce

Analysis

max time kernel
892s
max time network
899s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250313-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250313-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
27/03/2025, 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.4MB
MD5

f884234422e727ade2bcd29916264de1
SHA1

c90743f008f4caa7caed9f4b9f2b82bc39f52aa1
SHA256

29d11eff3ff64a53d41f94760f5170b4b176df6d2b7e276d5145c8e3bdaff2ce
SHA512

2efffd5e385723e054c6b142454cd00860941caebad447d4cb305cf2b1052d2063c2bbe1adbbb5b9a04b46e5d0bbe7814f3a746a0570f9d0b4691c4c9b47008c
SSDEEP

98304:pPdU+2966olQpKjALWuuvHemTHVfHsYFw4AMupfBcmGBTP8LanJbDrs:py+2r/pwALXuvH7eYlA1pfoqanB4

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2366915068-2945093646-1682508031-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2366915068-2945093646-1682508031-1000\Control Panel\International\Geo\Nation	AnyDesk.exe

Loads dropped DLL 2 IoCs

pid	Process
1448	AnyDesk.exe
2532	AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1448	AnyDesk.exe
1448	AnyDesk.exe
1448	AnyDesk.exe
1448	AnyDesk.exe
1448	AnyDesk.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
1448	AnyDesk.exe
1448	AnyDesk.exe
1448	AnyDesk.exe
1448	AnyDesk.exe
1448	AnyDesk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2532	2656	AnyDesk.exe	82
PID 2656 wrote to memory of 2532	2656	AnyDesk.exe	82
PID 2656 wrote to memory of 2532	2656	AnyDesk.exe	82
PID 2656 wrote to memory of 1448	2656	AnyDesk.exe	83
PID 2656 wrote to memory of 1448	2656	AnyDesk.exe	83
PID 2656 wrote to memory of 1448	2656	AnyDesk.exe	83

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2532
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
8KB

MD5
eb75ac66c01f492b043bf4156a39cdff

SHA1
23175af861ba873f725775f02900d15424aa863f

SHA256
0a7933fcbc0d5168276502ae41b1a65440d9439126acc39d9db0085983905ed2

SHA512
c23537d65f3be767dcf1ab3bc2feb9b317df0e5e17e2467d924f4e74653667595ee4c84d7f1534fbbb5df04d52ee4ad243fd03222a901ee3559f55df5e8c7934

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
a0932f692054350cde8c7813850d70c9

SHA1
69d7437bc3df0f47ef25fd95f2cf3d45a9c41ca2

SHA256
aeb8b3150c3322fa980c6765c04c434ea1ff7dd26190f447fd6c7b9e3befefad

SHA512
f01f1c898722010594584045f937f312fcf1345b28226212ee752023d1d008a3a5658ad6c8eddbfc49724ccdfd14b33c0b9af3dcb6451cc943b76c5a7747bdd6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
68a05242c2d87d63dc5893d9ccd09122

SHA1
fb6f2489955b66c009b8e47a6799ee9b7a0dd41c

SHA256
aa216e368bdc37782d80ba8e5f59d19ebfda88970a11c0c69cb5da52cf3246cc

SHA512
23843e71b66b3498d7ae0e91e6d75e921027fcda30b9d9122be33a62fb9edacf9064fd878b72111b206cf137d96371ca3bb37504eeb4eae16dfd2e8e6079d070

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
b87c3bf5540d6a088689c10a45fd8acf

SHA1
4e05461daf24f187e179d90a06f2718cefeed41a

SHA256
760a1eddbbca1b078ceeedeacd675a92ddee5305ca2fc55885902f00bf9a1e47

SHA512
01814ba8927601d0b8528f17c08a8b4e74154efe2dbcf509b67b390ecd9026c67927ccf51522dc9b8d3e3d15f7e587d3fae55ff08e8d10100861dfbc16918dee

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
391B

MD5
7d6d02901bb5da00c56b91c8134f07ae

SHA1
6c4ef96d8644b2e353f330dbd5d5b5ad722ba216

SHA256
e6387a89cb0c5f3791d5390efc30e91c56bc7e733d26e0b5e6615eee3607c5d2

SHA512
276c58bc21635b1bfccba9c509f7bebad4779f95a5f2192058553ce4409eea4a430ba53641e2868b9cffcbe74389d6f171dc68db30c5feb3a4519763392773ff

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
dee85c38d6edf41967a6d9e8d584b7bf

SHA1
e5f56285254e8dc513bcc6e818879164faaa8fe3

SHA256
0eb10a2afe185a7fd5bfa386cff4814910a81cee0ba419e9d12572a3a6672241

SHA512
ef18b427183e8cade1ebadebab6d44f7da4d23e862f0dc6cb098a4974e14667d69c8e7fbc68fed892f3eb20f4e3e14e349f08f476dee4e36d0c0a93c60bdeeaf

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
556B

MD5
980bb6d12278c878b2cda7ea03d37551

SHA1
2f610d3081b54a9e89c3ecfb7d1660ce2587793c

SHA256
83f7623c643a1464bc45b8bb970079286abc7ac6d77b075566c6f60380624406

SHA512
94f59363c02714fc56fa95b654f2babe31521ab31ee21ebfabbbb4c1584c1396b6321d5742966c57f9af8e8b28ba9658292253d7790c55093bb34ec6a550555b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
766B

MD5
a7de4116539f603fdc388382a3d5d836

SHA1
5ce901daa426761361f61179d9f06080b0409783

SHA256
5a13e5d4e755c1056d33653071049fdb64e53e0eca60bc06d43e0d18ef52f0da

SHA512
67a1fd6b03062ec9c6e1d642d7f8e32decd4c1cee4944ef2d48bb6769b724a8b1dd9f22c5aa8eda0b859c0d2d4eaf2ac97a6f28723d0563b3d914ac5c0dba13d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
cecfaf24e327566c8baec5ed1b346e6b

SHA1
944f655eeaecbefd53c355e1263d681194129116

SHA256
5e07145d26575b4afdc1b312da1b9533aa41ccea9705ffb9b533ea9419ea2007

SHA512
ee3533eec917cf7171e2bd328664b31bf8fd6f61bb156d61244f79ed88b9418676e278568fc0b80b03df71b3c2049ec028d41c1b360fe385bde5029af1458459

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
832B

MD5
bbec0a1822c2a9095ddda4a96774e47a

SHA1
4e302fbb988847e17f04809a0f2cd081bc29e18a

SHA256
e3dcaffe0c9e941616c292da0973f5c4c2c072f20f6632bda6d6bd3b15ae2c8b

SHA512
fddf32fabb00f4486b8bb52cad374cab9f7a62f2726c8fe77cb095fc183378bee578b591b9039e9219711b5d5a6f82e64315403ef25803002f10a26660ee9d3b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
573B

MD5
7f6c0c80680106c7bb45cd91423f4db3

SHA1
de738e908e62f34a23e770d40495b2cb2fe1257f

SHA256
ff8f1b96038d78af802fd0e9109d187400e55285b6aac00345093b4023e6f61e

SHA512
e3d636833266b790a4a847440fee2123bb4735565280c3dbeb39eb40aef6def06dc601c47530f290471be880a9a3c0da16d5fe13fa7d89459d8392a174beb29f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
622B

MD5
14f677f5a044409c3120c19dce18144e

SHA1
a7f0f1b7db6e4b0a83e65dc98907f00008f2ee42

SHA256
57b010f57d45c49220e043f824f3d6766b67db7504cb58d41ec93e0be009e842

SHA512
03e56063b7f4feb8bf8e533b659ea2ead9aa7bb73967b4f28dbb627fa51a098ae9a67e77ce70e8213b595638c38d0b586181357c9e12589afd3f96408c53cf92

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
745B

MD5
833792b9b0a73adc7e8fd050ee67148b

SHA1
ccb2e40235188a2a414d9acb5f630d6b704c6fb2

SHA256
ff8d2b9d083983ab19f903cce85f768d14f5d613dd8bfe03460e7dee247f9bb2

SHA512
7951ffeb8a29ca94fe52d519bcf03e7e0a4f7e2a97e6a8a977df02779a302571a9fccab4fed7f75b2e08373af4386b774fe43571ff0b366e6de2937ab29e1acb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
367B

MD5
486b26bc602c37d6366f73bcca53fc15

SHA1
3dcd6e3b73a8a328e5515f6375580951baac1b6f

SHA256
150c73303d3209237e62a6471efccfe96f71d8f488ded3b58e88c27c74bd31db

SHA512
11e329fb4835203b0d0d08c8cfb2a0e55187af7e9180af3ba0407d254873b5a1efac2e9cc8345f86b67d3de09ff0d69ec7fb4221bb6943fdfdaf3dc49e79ce5c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
823B

MD5
772e26f96efcdca9a109c07e03e4afe0

SHA1
4225ed5c491a8e31a59d800b5937729e25b97706

SHA256
848ffbec37c78d93ea096af31a5f2180d9c27eee7699d3c7290381872f0d0a8c

SHA512
aa508383c2f19a95cc745a353ddfbb11b26aea21f9f42f520e2ae6b51e119035442a579ad5178275891c3dcefa104683e422e35630d93989a7c69cb473ed7cef

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
3ac0e3df3ee0170f201716856f4dd1e5

SHA1
f14b4aeff28a57fb4c7ad5a414dc56025029df6c

SHA256
929a0a75139b0776ab00dd2f3cfbae4f2fd426ff8d717dabb27730fab92facc0

SHA512
54dd4d50b0738c69ca29a0bd6a1eafbc070faacaf84c8df87af1a1f990155f362564a05ef08faed3f678a16c2162b1efc1ab3d08f18307e97a31ebebb83349cd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
c7bd4aef7427d9aa1fd304df47f7b34f

SHA1
65b3e8a0df2bcb2e10f9f592f07afaf8bb64e647

SHA256
eeb01e0a5292ad437af9aeee14752d996be9ba4ccfd4053b83a38d0a3b68355b

SHA512
f5acc7dd01df9c6d45bb4caa012dcaf3e0c7a3ce01b4cfbd1cbfae6c5ced6cbdf0ac4f7f0bbab9343bb41d0d0a958fd12744c22e688f88f91dd7edf580a9622a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf~RFe5787fc.TMP

Filesize
676B

MD5
33800d935379956cc334fd21552e94fe

SHA1
5edb7bfbcd78a05b18a89f03e01ea77a6108f894

SHA256
4ff8b45b5d0239934065a485b1448fcb07e8bb8c75e9f9ee16347e57cb71d5e4

SHA512
6f78e05951371f6c7d40b0af7ff8a37e997dea54e94ab351885e97b6532b5f14efd14c23d1c6fb6ccd395654c8cff78e2ad79f5a526d3a96348329bff902b13c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
41B

MD5
a787c308bd30d6d844e711d7579be552

SHA1
473520be4ea56333d11a7a3ff339ddcadfe77791

SHA256
8a395011a6a877d3bdd53cc8688ef146160dab9d42140eb4a70716ad4293a440

SHA512
da4fcf3a3653ed02ee776cfa786f0e75b264131240a6a3e538c412e98c9af52c8f1e1179d68ed0dd44b13b261dc941319d182a16a4e4b03c087585b9a8286973

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
55B

MD5
c8a841061294ea55fdecc38bf146d3eb

SHA1
04d399d1dbb5abc75fe30c51620073d1d5488e95

SHA256
092a32d6b155ab8b5aaac22079646a7614f0c71643256f93d5c5fd1f2c73a36d

SHA512
a1a0c5072de41be3f95bd8c9e5ec0162e490b7ea07b191fa9a4936b8a47d08e13788991a05a2b5ebc54cf3b39db79aba9ce1e2a74d89b444cc2b183f4be53d94

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
bd7d29fb3184186b6e78b13e01f9db5c

SHA1
afd6780730362d18afad9fa57cba1051c445f15e

SHA256
589b1816d672259fab9b69e16a3f33d4b0915c9b95f90bf43bfdc9e93268d2bf

SHA512
4e2c2efd5fb546fc81e46efaf8f8583925a3e14f43947c7659817ba6695ed3f010865ebc97c2fc1ecf6030b5627d3936ef6a5c0deb33d68a305b2974722ff71c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
c2db71ef987f0a6fc70a5d725578d0cf

SHA1
4c6bf7de8d9a21f1978a91a23d58a38fec73b38f

SHA256
87af3e173d9d61e915f8e46b6adb73b811e0dd7f7280b49c5e7d8544010c3efc

SHA512
15ef4cceb726621ce8eb107be9e885672c71ff30b05520ce68e0113f8d5b1c23c72eaf395542874ba79e973688ff54812752f56bad14141811c965098156d609

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
febc667f752644ba8472a92a46dc9bf0

SHA1
7b826a6e1f33da4cdb621c5cc5d13c994d809262

SHA256
8982596c5b2c1bd78093eba4ea73eca4eb635d312268f03c2f133a7349b87ca0

SHA512
058250ba95ed96f5bd80cfc0f3d3952bde4acbb70b3ce055ce21aaa498fcccec78c7266ca7eee0c12c74bec1df444444b8dba7ff87d0666203914991cc139503

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
eca0068916d265a817a9f8e214092811

SHA1
95d8ad0d41d8dd64a67a9b27cdd4c4422235254a

SHA256
9384aa765fab433d4977d93fd7ca95241985a59c17e362ef8d87516d931e059a

SHA512
66a42d634fa39ef1b3947f8744b771c1cd6edb226853be7dc9d3d3dc31c155dec89551ddb5aad2536e2583218cc218b926988a8d3567400acec839b49b855d6d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
c96aebc331b7e81b7cd00f930ea1fff2

SHA1
b060f1c87600c137888f74fb87ebd26b2732a7e9

SHA256
d30533dbbcca52778010732b7db5c390ff8ab5d02ec97be92c32471274622f90

SHA512
d445b7cae2e553b346b111663bfc3580ee08ebc8785d06e2c062d40330cd92a7a046da0d37847d16325f0ffdf798e1109d499fe1a4abd532aefc60f681b9f7ba

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
467644bbfc8d92b16206c1db0b8011a7

SHA1
b44c3cec3fc5a26ec9ded40e53467c3a53201251

SHA256
f8dbace2b0c9d2730f8201732ec1dabe4a118be69e90d91433ca4bc58b1b9c54

SHA512
c19fe9d0b3b8cd0f257e36cb6c62175da81ea8172e6c72ca6a7566eca601cfe4215cd65679ff0da3ed0957ab7fd9b2f94e41242268a84df262c6c277138dcb1f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
e10ab2e0f838c95ff6a0d6e5d40058e9

SHA1
8c1514a17e88f6e60fe2d1ee520a8170ac69c2ba

SHA256
b42f3880a6e3547bf2d148d67dc585e57a187dbb1adc8c62db25b8220c55baea

SHA512
618324bd1061105b016c59ad8977c6e0fcd5a084aba369a5893b6d1622debfb76a5e70dc41ce2d044e7dc6a0a8d6d5bb9ca6f61c87dd058fcd175fb5406c8be4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
57a0ef1edbda6680d7a96ab84414dca7

SHA1
3f6287a9c6dc063c8b2246b2a497b8ea37d03749

SHA256
2c5ed0d906ac31dda56f4a0346736adc5752c4edb4a84453c12250809d1ddd1a

SHA512
abb2528d776f87a7dd386852c4104ec4ca4b7da7652577b2df8d2e620bd3744f1b6414872cfaebe208cfa7d3a4ce0c30100be32d0191ff0d37049b8af808e01e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
9f8414f1464e1a6c37e1da6f869d64ee

SHA1
ae7af6ca85bfd1da147949f022075d6812ff6883

SHA256
bb37a8efa9431da24bc25508410c7212081318b3527d05bc9d92cd6d043b15a0

SHA512
6f478279eedf9ecfa9c69d5ef3acac0c2afa72d15c14252ac4a936ea4d9b11b409f7e41714fb1bd93c8813104b12970d36c4745a706fc14a41b547eb8a73b830

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
8a54c91dbc37fd1342c554ac3cddd629

SHA1
35bf7727d4fb3600a35646c4caa93501190356a2

SHA256
c84c574f22a23f7cbc21556eb754f59f3e513da9355b074efd0ff8618e62480a

SHA512
875001a2b47a7053340b08d8e608f4389865766489ff565e09d7d08ab60c6b1bf4e9e811aed3fe3969f7fe32369928ac33b9bd85159444d5332a10107ef245cc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0f37aba656e721e424722bc7a0c504cc

SHA1
7492562461aaafdb76f3f4eea195c1149dbd0bea

SHA256
f5abf26b02f1eeb7274b6128ec0d62675f97d88971b30d361b04be660f476a52

SHA512
72cae01f6576186899b2e3c84389aef2a67e4e50dfe858460585c5e4acaea8ea2dc905c30a7340843f3b7b3306f5bee8b1c94c769f2d0b525ee3e565197ca1a2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
e1d06bcbb5a4980e810786fd999b0c42

SHA1
7eb533bd12624fbd56a0b9c97ecc7d3d0243d601

SHA256
9c6265cff220060bc617878a9664c985f1a8dea79944786e8c859e19e03a9844

SHA512
c5b69fc3bcf4050ff33112b75a0132e4894435f70bc8e4de2469569177ec76ce3ad5891577e25018c0646b5876d8227dca178c9cc1da2afb3c1504d888b5337b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6de479f037e23960d969aac4a9020fba

SHA1
9f8b42a7d92281c38680f421ee5148d8c83a5ea0

SHA256
5975bac651ff20634cc76c7c25c5ea08d79a80e22427f755715cb901bc6a7987

SHA512
586ab4dc083d73782ae178483298d67ff8c1a302d7e7e1b1f8d616c6b5a53d6eee1fbda3556ae057fca8dab201137c15e154276d8ffbc35cdce666e003c179dc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
dd22541d26213414b4a98bd4179fbd52

SHA1
ab75575a02b190656d38b5db83fcbe660d7af6a1

SHA256
390456b3116c71965a67d4e15a77da0d61df3e6f11f8b03e6201b3cb1b498aa9

SHA512
c9cfaf27cc927d8fb76e63ee9975bce9039c810858b8d11ad2cf34cabfb375761686c51347f6dee070420bee09c4c668a88792c988894305f0ce01815eb90237

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f6247524b30c6d3c6bff49de905169dc

SHA1
39f853419cf701eb9402ffdec63c763b8cb3f07a

SHA256
8bc69fd5a7d94b39a5d3bb4b31730a5096e76edfd9875def5418b70c97b413fa

SHA512
28ef0552c3a73ecce450f23d13accc737776347903cd727d23da6c0856d72644e25ca1ef7e6a980aff9ef6f2d99f799a8603a070ec1849dfc7ecd5535949130c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
865415ee9393b155bab2aae3e80e8bc3

SHA1
24c0a27e2734385533cd832939fbc90265a55268

SHA256
f80159e98f075d961890514600a1c66899bed258b73af4553c0f493c97bf9c9b

SHA512
c4a064bf9a03f9bfe11665958bdf2cc70b677a098d8c94a358787a599f5738405cdc6417958932985597279b7008ff8de33e4190c2bd59f1aace42f8f7ad5e58

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
7b77b755cc658641eae84141ef9af768

SHA1
0b1070c2998574c024ea145aa7ef55ff4f5f9642

SHA256
b27db49c984f79839a26151ad3b8152e8c34e423abab9c3245d7fa69b1456e1b

SHA512
b0c42730cfd6ff5bf5e2a06dd96cc8353103c53d7a71452b9f78c23eaa15a3bbecb4b4c43938cc15a8ddd5059540e8cc8d45769a22a1ae03d484e9fd7fc537c6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf.new

Filesize
5KB

MD5
ef95014c147008b01648eeaad0b4d907

SHA1
f3b5c5d3e8593274dc0e4fd58b011bf5969a7988

SHA256
ddf6e2d15b9b12f90e6efb3bdc98e60b2307dbfe3fcbb34aa20509d04d696c87

SHA512
dfe740b7e023aeff9b2bc5514a9f95d1bf110b6a566d45f1b620ddcd7327a94e0c1589c67e7dcec5678cccdb78b3cd3a39c0fa88041d1abe19e4912c69502d12

Download Submit
memory/1448-41-0x00000000003F0000-0x0000000001B14000-memory.dmp

Filesize
23.1MB

Download
memory/1448-1123-0x00000000003F0000-0x0000000001B14000-memory.dmp

Filesize
23.1MB

Download
memory/1448-45-0x00000000003F0000-0x0000000001B14000-memory.dmp

Filesize
23.1MB

Download
memory/2532-165-0x0000000006370000-0x000000000638B000-memory.dmp

Filesize
108KB

Download
memory/2532-43-0x00000000003F0000-0x0000000001B14000-memory.dmp

Filesize
23.1MB

Download
memory/2532-166-0x0000000006370000-0x000000000638B000-memory.dmp

Filesize
108KB

Download
memory/2532-162-0x0000000006370000-0x000000000638B000-memory.dmp

Filesize
108KB

Download
memory/2532-1122-0x00000000003F0000-0x0000000001B14000-memory.dmp

Filesize
23.1MB

Download
memory/2656-8-0x00000000003F0000-0x0000000001B14000-memory.dmp

Filesize
23.1MB

Download
memory/2656-1-0x00000000003F0000-0x0000000001B14000-memory.dmp

Filesize
23.1MB

Download
memory/2656-1121-0x00000000003F0000-0x0000000001B14000-memory.dmp

Filesize
23.1MB

Download
memory/2656-0-0x00000000003F4000-0x00000000015B9000-memory.dmp

Filesize
17.8MB

Download
memory/2656-1124-0x00000000003F4000-0x00000000015B9000-memory.dmp

Filesize
17.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads