1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499

Resubmissions

29-06-2024 10:54

240629-mzzmpawcqb 8

29-06-2024 10:54

240629-mzm9nawcpe 7

Analysis

max time kernel
1799s
max time network
1801s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
29-06-2024 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.1MB
MD5

aee6801792d67607f228be8cec8291f9
SHA1

bf6ba727ff14ca2fddf619f292d56db9d9088066
SHA256

1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
SHA512

09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
SSDEEP

98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR

Score

7^/10

Malware Config

Signatures

Unexpected DNS network traffic destination 22 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description	ioc
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9
Destination IP	9.9.9.9

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnyDesk.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

AnyDesk.exemsedge.exemsedge.exemsedge.exe

pid process

2896 AnyDesk.exe
2896 AnyDesk.exe
2744 msedge.exe
2744 msedge.exe
2904 msedge.exe
2904 msedge.exe
5076 msedge.exe
5076 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

2904 msedge.exe
2904 msedge.exe

pid	process
2896	AnyDesk.exe
2896	AnyDesk.exe
2744	msedge.exe
2744	msedge.exe
2904	msedge.exe
2904	msedge.exe
5076	msedge.exe
5076	msedge.exe

pid	process
2904	msedge.exe
2904	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

AnyDesk.exemsedge.exe

pid	process
2832	AnyDesk.exe
2832	AnyDesk.exe
2832	AnyDesk.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe

Suspicious use of SendNotifyMessage 15 IoCs

Processes:

AnyDesk.exemsedge.exe

pid	process
2832	AnyDesk.exe
2832	AnyDesk.exe
2832	AnyDesk.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AnyDesk.exemsedge.exe

description	pid	process	target process
PID 2824 wrote to memory of 2896	2824	AnyDesk.exe	AnyDesk.exe
PID 2824 wrote to memory of 2896	2824	AnyDesk.exe	AnyDesk.exe
PID 2824 wrote to memory of 2896	2824	AnyDesk.exe	AnyDesk.exe
PID 2824 wrote to memory of 2832	2824	AnyDesk.exe	AnyDesk.exe
PID 2824 wrote to memory of 2832	2824	AnyDesk.exe	AnyDesk.exe
PID 2824 wrote to memory of 2832	2824	AnyDesk.exe	AnyDesk.exe
PID 2824 wrote to memory of 2904	2824	AnyDesk.exe	msedge.exe
PID 2824 wrote to memory of 2904	2824	AnyDesk.exe	msedge.exe
PID 2904 wrote to memory of 2124	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 2124	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1516	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 2744	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 2744	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1020	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1020	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1020	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1020	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1020	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1020	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1020	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1020	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1020	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1020	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1020	2904	msedge.exe	msedge.exe
PID 2904 wrote to memory of 1020	2904	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2824

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2896

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
2⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://support.anydesk.com/knowledge/anydesk-id-and-alias?utm_medium=app&utm_source=adwin
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffba3203cb8,0x7ffba3203cc8,0x7ffba3203cd8
3⤵
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,16635015393553329903,2168976084156944626,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
3⤵
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,16635015393553329903,2168976084156944626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,16635015393553329903,2168976084156944626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
3⤵
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,16635015393553329903,2168976084156944626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
3⤵
PID:1488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,16635015393553329903,2168976084156944626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
3⤵
PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,16635015393553329903,2168976084156944626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0c705388d79c00418e5c1751159353e3

SHA1
aaeafebce5483626ef82813d286511c1f353f861

SHA256
697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d

SHA512
c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0d84d1490aa9f725b68407eab8f0030e

SHA1
83964574467b7422e160af34ef024d1821d6d1c3

SHA256
40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e

SHA512
f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
8004b9e692940bcd6d8ad706e5107662

SHA1
7f1d9d9941637a6956f24546d9a41b3af827e447

SHA256
3a8d09f163b6dc7fc2a546ae3462ec1cffd5f5c6577535ca406bb79fd7c85f77

SHA512
76eb55b7d6f4b38f7bb4293be6d79ecfdf31776b174b8e6a1ad06a510c3a44f32330c68c8e7b8f4ceb5cf6e39daa0d8f740c5ec5b04adf2a727c2dafb611a03c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
7f0ef2da968a8fc06557f994414bd8f2

SHA1
512ebac782603ada9cb932b8b821e97198c820d0

SHA256
952793238393287101abf653400f2acce8420c82107fe0de1cfaa64181a3d798

SHA512
e95673d69c2cff1dee90a9b9cd04c2cfab489450716a89c9258a93059be6625ad5c17f5cce5ea7052ddffdb78648e8d1e144e704f44802574965998a46171388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
Filesize
7KB

MD5
955cbe5c4f690414f2363f4118a2cb1d

SHA1
0062f2432a96a49fe327efdff092129ce3bb65c5

SHA256
b3c389a7ec82d269a39fafa733f3de927e773a8c6cff4fd3579296508f33e310

SHA512
fa67c910a3b768db8b283e5bed3c6a7130118062550ebc406361c67796cb085b71015eb4e2b2f9adb0d3600f9ea55d402c3ce85b014310a9de348ccd78bdebab

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
Filesize
9KB

MD5
414ca69aeac6f3e0952edc10e38981c1

SHA1
fc79f9cbc0f1bd200ae940ff002ad6dc5ffc8eef

SHA256
21e1adbd3a140ea0f442302999eebad4e3f4a7a76f5d77a61b5ce0fce614da95

SHA512
cc4fb752c2a3dfe1051cfa74106d5e29c048eacbf634b79b8737b6b37f33c72aae075020a750fb61c2423ccb88f20eafc76bd3e0cacd9a7107e34720407f963b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
Filesize
2KB

MD5
39fb154e429a0c5da4a947724376a331

SHA1
a304000f724bef44b71e31e8cf73061aab300fbc

SHA256
17bcdede4d481130fccec64fa54a4d50a8258425bb36d0be39269fe6e3f6976e

SHA512
a5bf499614987635b313d9ee019a9ccc2df75d9c015c97c94e85cc265cfda3fdf8d0ad20bad85481699abea969f11f30292e5172fa04e87915fea31e9f3d85c3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
Filesize
424B

MD5
a6021a05b291310860f332d529b2f08d

SHA1
a256889332468d241917664e2a9ff04374d33625

SHA256
bace2d5d3b3fa59ba4c5efae0d4b307304944cd328eb6f58a2947c518341e447

SHA512
8034a6f5118cbe64964f6342ec8cff1d6e43f920905d9d90154c7f5463465714f5902359c3eecfe6c6809da5d83c7cdd4263c26e6bbc8d75882b01065831fc39

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
Filesize
424B

MD5
c5a0e860234e28bcd8166704eb115082

SHA1
aa9b3979052ca247006f1437a74d605765a5b1f1

SHA256
e4b3242c10930a199fbbca4e437cf77f0a45ffb9bf1ffb62735ef2b1ee0b1981

SHA512
5362c1585a128bcb1f7009de5853de420429f9e37392941a45b7dbe12ce88338375a10221381fbe724ded90b76223072bb78f8ba72f1557be97435fc4185b315

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
ad15330dbd181ec97bb985ccdfa4fdeb

SHA1
32754da92602ea5665c584cfd6541bfe819c8918

SHA256
05945ee250913c01fda5c357e068dae9d9dadc24c32eab637cb60a4555a6e49f

SHA512
d1e0c67ae389975964de459d9fddd0dec50a0ea74377a61793641bb2a2d0636fc286219a40e3dd986d271f31a6ba3b35f4bafa75bab65f3ac5e9967c88784be9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
5733c479b81e96f52f9b022abd71b2f5

SHA1
3648b86c41c118d2fa889c4dd29b910d88cbd970

SHA256
58b480d103d16fb583e4eef5cc2c13220481b4719c03166ce5b54a2ad9fd848c

SHA512
494342e71cfd8de4799018cdc4b462b4e1da6aaeb16e1ddcd208e466226b690254e0564c0ae0c8c8c7ff187b995aa418bea23b450634a7b0a4df7270298b2852

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
c6d6ef805896a9e9af9e59e29b6f65e5

SHA1
814d8dd4510677e5851927edfaeaaa5f4e911070

SHA256
852bc4bb9635c8891778b731b89e937382244d50e5cfe43aabab6e115129cae3

SHA512
362d41535f6667007a5eccccb3a4fef9de61cdda1614ca9ac75b239bf1fdf037c33270153841a7981fce56a365e9eecee53ab2f7b9ad0a225f4d3accd19daf9e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
6a49d6d8a3a0bb667d4b7ae9604e0aba

SHA1
51c687ee08f60d1ede2710c58774a440ed3e321a

SHA256
1fa139c24db6bc2292bd18b12c6e7c7df3306a0ab8805ba87de76017f4afe4aa

SHA512
38b5bbd34129832fa33e19244e34982489bdd9d4bb053e130d43ba52ff675e1eae2846534fb59f7484e6d2822f05f5ecfc7f538bd42b075c49c93e634536b460

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
5bb870d695eb1f2d2a8582b0fbe00790

SHA1
9793c102a2006fc8c0fc86fcd994489cdca21c21

SHA256
f553381fbab4bdfe5081ead263b80c6594746c3117f940774116baf2fcdecb61

SHA512
f37d677098673af37fa6fa1950fbc52a45dcd1acdd15205fd741abc526d9e9eeccc1a3934edbcb8ab018f3e73f7f9664e196ad0ab5e5f8a1087a13b8177b2d26

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
29d3b6b67c0ceed2e788cefeb045bb65

SHA1
b905f3a858e068294fe2a5b99ce10340eea9a391

SHA256
57025be2b858cfdf17abf307ad7eba4125ff0f5881e00d09b5a1d8c919b99ed2

SHA512
de495dfe19ef7f2ca2027509bcf83549dc014372fff6e4e5e7c7b8e24206c12726fdbc00e61915cd766bad28e4e87308a518004ef5a204c51de5bc66a08ed43a

Download Submit
\??\pipe\LOCAL\crashpad_2904_OOEULUHDJJZMLGHS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2824-174-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2824-100-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2824-181-0x0000000000B24000-0x0000000001D5A000-memory.dmp

Filesize
18.2MB

Download
memory/2824-2-0x0000000000B24000-0x0000000001D5A000-memory.dmp

Filesize
18.2MB

Download
memory/2824-237-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2824-7-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2824-0-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2832-102-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2832-12-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2832-413-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2832-284-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2896-216-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2896-175-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2896-10-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2896-238-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2896-283-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2896-187-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2896-294-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2896-297-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2896-324-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2896-412-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2896-101-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2896-423-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download
memory/2896-443-0x0000000000B20000-0x0000000002269000-memory.dmp

Filesize
23.3MB

Download