fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

Resubmissions

27-01-2023 20:15

230127-y1p1esed41 8

27-01-2023 20:11

230127-yyfc7sda53 8

Analysis

max time kernel
1548s
max time network
1801s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2023 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

3.8MB
MD5

e546506082b374a0869bdd97b313fe5d
SHA1

082dc6b336b41788391bad20b26f4b9a1ad724fc
SHA256

fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18
SHA512

15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08
SSDEEP

98304:uSCb8xJlb0VgU/vZaZKa4opQILfbsLajDMWEeq7PbUs6En5:uH8HCOUZakpAbjbsLsMmqM

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

AnyDesk.exeAnyDesk.exeAnyDesk.exe

pid	Process
552	AnyDesk.exe
4856	AnyDesk.exe
3968	AnyDesk.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnyDesk.exeAnyDesk.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	AnyDesk.exe

Loads dropped DLL 2 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

pid	Process
4856	AnyDesk.exe
552	AnyDesk.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 27 IoCs

Processes:

DrvInst.exe

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\AnyDeskPrintDriver-manifest.ini	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\SETAC71.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver.gpd	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\SETAC4D.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\SETAC6F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\AnyDeskPrintDriver.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\SETAC70.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\anydeskprintdriver.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\SETAC4E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\AnyDeskPrintDriver.gpd	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriverRenderFilter.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\SETAC4D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\AnyDeskPrintDriverRenderFilter.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\SETAC71.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\SETAC4E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\SETAC70.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver-manifest.ini	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\anydeskprintdriver.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\SETAC5F.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\SETAC5F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\SETAC6F.tmp	DrvInst.exe

Drops file in Program Files directory 4 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

description	ioc	Process
File created	C:\Program Files (x86)\AnyDesk\AnyDesk.exe	AnyDesk.exe
File opened for modification	C:\Program Files (x86)\AnyDesk\AnyDesk.exe	AnyDesk.exe
File created	C:\Program Files (x86)\AnyDesk\gcapi.dll	AnyDesk.exe
File opened for modification	C:\Program Files (x86)\AnyDesk\gcapi.dll	AnyDesk.exe

Drops file in Windows directory 6 IoCs

Processes:

expand.exesvchost.exeDrvInst.exe

description	ioc	Process
File opened for modification	C:\Windows\LOGS\DPX\setupact.log	expand.exe
File opened for modification	C:\Windows\LOGS\DPX\setuperr.log	expand.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem2.inf	DrvInst.exe
File created	C:\Windows\inf\oem2.inf	DrvInst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 26 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

DrvInst.exesvchost.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnyDesk.exeAnyDesk.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Modifies data under HKEY_USERS 41 IoCs

Processes:

DrvInst.exe

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe

Modifies registry class 16 IoCs

Processes:

AnyDesk.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\ = "URL:AnyDesk Protocol"	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\URL Protocol	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon\ = "AnyDesk.exe,0"	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\" --play \"%1\""	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\",0"	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\" \"%1\""	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon	AnyDesk.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

rundll32.exe

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	rundll32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	rundll32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	rundll32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	rundll32.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

AnyDesk.exeAnyDesk.exeAnyDesk.exe

pid	Process
3592	AnyDesk.exe
3592	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
4320	AnyDesk.exe
552	AnyDesk.exe
552	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

svchost.exe

description	pid	Process
Token: SeAuditPrivilege	4548	svchost.exe
Token: SeSecurityPrivilege	4548	svchost.exe

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

pid	Process
1492	AnyDesk.exe
1492	AnyDesk.exe
1492	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe

Suspicious use of SendNotifyMessage 6 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

pid	Process
1492	AnyDesk.exe
1492	AnyDesk.exe
1492	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe
4856	AnyDesk.exe

Suspicious use of WriteProcessMemory 19 IoCs

Processes:

AnyDesk.exeAnyDesk.exesvchost.exeDrvInst.exe

description	pid	Process	procid_target
PID 4816 wrote to memory of 3592	4816	AnyDesk.exe	82
PID 4816 wrote to memory of 3592	4816	AnyDesk.exe	82
PID 4816 wrote to memory of 3592	4816	AnyDesk.exe	82
PID 4816 wrote to memory of 1492	4816	AnyDesk.exe	81
PID 4816 wrote to memory of 1492	4816	AnyDesk.exe	81
PID 4816 wrote to memory of 1492	4816	AnyDesk.exe	81
PID 4816 wrote to memory of 4320	4816	AnyDesk.exe	90
PID 4816 wrote to memory of 4320	4816	AnyDesk.exe	90
PID 4816 wrote to memory of 4320	4816	AnyDesk.exe	90
PID 4320 wrote to memory of 2256	4320	AnyDesk.exe	95
PID 4320 wrote to memory of 2256	4320	AnyDesk.exe	95
PID 4320 wrote to memory of 2256	4320	AnyDesk.exe	95
PID 4320 wrote to memory of 4372	4320	AnyDesk.exe	97
PID 4320 wrote to memory of 4372	4320	AnyDesk.exe	97
PID 4320 wrote to memory of 4372	4320	AnyDesk.exe	97
PID 4548 wrote to memory of 3520	4548	svchost.exe	100
PID 4548 wrote to memory of 3520	4548	svchost.exe	100
PID 3520 wrote to memory of 1056	3520	DrvInst.exe	101
PID 3520 wrote to memory of 1056	3520	DrvInst.exe	101

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1492
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3592
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --install "C:\Program Files (x86)\AnyDesk" --start-with-win --create-shortcuts --create-taskbar-icon --create-desktop-icon --install-driver:mirror --install-driver:printer --update-main --svc-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf" --sys-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf"
  2⤵
  - Checks computer location settings
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4320
- - C:\Windows\SysWOW64\expand.exe
    expand -F:* "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver\v4.cab" "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver"
    3⤵
    - Drops file in Windows directory
    PID:2256
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\System32\rundll32.exe" printui.dll, PrintUIEntry /if /b "AnyDesk Printer" /f "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver\AnyDeskPrintDriver.inf" /r "AD_Port" /m "AnyDesk v4 Printer Driver"
    3⤵
    - Modifies system certificate store
    PID:4372

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:552

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --control
1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4856

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --new-install
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:3968

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{dbea00d2-070a-214b-8525-973135605cd6}\anydeskprintdriver.inf" "9" "49a18f3d7" "00000000000000B8" "WinSta0\Default" "0000000000000134" "208" "c:\users\admin\appdata\roaming\anydesk\printer_driver"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  - Suspicious use of WriteProcessMemory
  PID:3520
- - C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{1e6033ca-4aef-c04b-b49b-8e6ed2a33a2d} Global\{02808251-d79c-ec49-8809-9de2b8cddb04} C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\anydeskprintdriver.inf C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\AnyDeskPrintDriver.cat
    3⤵
    PID:1056

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\Program Files (x86)\AnyDesk\gcapi.dll

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Program Files (x86)\AnyDesk\gcapi.dll

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Program Files (x86)\AnyDesk\gcapi.dll

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\AnyDesk\service.conf

Filesize
2KB

MD5
84921af997c2943e67ad44cc4c205a74

SHA1
b3deea4aea3c8f03e67facf17d5ae836a22888e5

SHA256
668578dee4ea9d81c1a6f2e5bfacc14b06e644881449811d4438f044aecb291f

SHA512
ba4ad291bb75e5068655d04f6f98619e847c9522faedd12ed5f7a31446f0ada2f97081c8afaaacde2f41a456abf200ce6319294ee1090fd418ed19a9ba6d06f6

Download Submit
C:\ProgramData\AnyDesk\service.conf

Filesize
2KB

MD5
487c86169cf2cf59cb15c2238988216e

SHA1
0510898177bde4dcb65cb982f5394e501da23c27

SHA256
dbdb4612778dfc6853e448c120d35b1fa55f8e5e5f0cda1cd640ff402e06ecf4

SHA512
a11edde83690de8f1222c240e9d32d78cd586ed6deebc961bdeee274571a0839ce3117e5d35b2cbe07edc763dc11052333131c4492990a811205867ec5e0a4f1

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
1KB

MD5
f37abbb5511f1b801a4732ed2a9da4ea

SHA1
eb61ef2b65065ebc0dc2d0164721bb01a594e1d0

SHA256
73b8c49377c6fe6c881588b3eb8bd809c7426260cf6144651710d2d27c6a8290

SHA512
67849469831857d1650b0b7c4cb1bd2e34af854c6a6e9ad9e03bb50c3b98b8d90dff8ad293e510d8bcb31e8dde84fc1db025db593fff8b7f70a7a3710b64fff3

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
1KB

MD5
179e30b8bf85f5a36435928ef5153ad2

SHA1
e6414bf6ac17cecc34210e2cedcc9567e4d1063a

SHA256
eb96a41627189a6c872be16b34e6043a8b13a58893d033b9fa0c28d0b64a0236

SHA512
9394bac6cde0d67ac116d4a18b20b642361e203f5115aa48f1c26d0cc3e7c8c0898092ac69da5658eacb05d84defa400a6a0f24992c31a743cbbef0f01d85d61

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
1KB

MD5
00bb3b6fb33fc0e2c00c039fa4cc9999

SHA1
82066c78500b45fbb77eac4390a4210996a132f2

SHA256
63d91c1db87eb651976ec0511687299d0650f261a2b7a2e89d39e766f6309eca

SHA512
70d0017cc577ce4071ea67bc0d32ca41dbe646ee695a4db1bc31365722330f76a728246ce66da899a80e9eb369c408fe3aea5b6cec48efe29a8bd4b2d885665d

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
1KB

MD5
0a892226d4593fa26072513bfdeda0e7

SHA1
d7bd49b3fe63767f93182f9117d82f55238a33ac

SHA256
ca7511238c41ffaa6982f1432f681e54e36b51b6bbb1bc66ebf74c7b1705c888

SHA512
30b2a3c60308a64d8ac8ebc86c8fe23e10293c4abf805f0cfa265cfac47d863b6ae1c04d3195d0fb3de27d3cff3c0f203b57864858ea6527b46cf148b60e88a7

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
1KB

MD5
7492aed1304b1ec9087befcbe587301c

SHA1
2ac91169dc40e3a3c205e8fb927a5da8c37df440

SHA256
436a21b09e57b8d473ea736803082ef43df1dcb5d17f314fec1133a84fa3fd9d

SHA512
0b0584655ba2d0bb8d925a7fe538efaeadcee79554b65aedfdae3e670f5f98426b63fdf43cbe97c83d813a1a69f62982c12d57cd22bc2ceb0be9dcd0b16f05f7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
0ec6affd8b6fea10c44c795af4684e1e

SHA1
41fb535bba74b421d2031c0bba94d1013ec09a84

SHA256
85ed27488e7483f6716fe70c7e8880da0aa55b0140884e64621ecf766422ef79

SHA512
ef76620422e42c5c5cf7bfe975a9d58808c5ea47d783d886caf24dad0189b96da07db6a54c00523bd57aa0db12dae47e98463efeb62c34d615e10280d5118740

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
e23706dce85c136b083434ec890239f4

SHA1
085051717eac33cf433af01f08c4d778159a4530

SHA256
606ccd1a3dccb7d34906c1bec1f77865f357d955df9a8b0cb721370ecd6930f1

SHA512
f3c27fa6cce595a21adbeb4fada5fdf2e1b31ed2dc0e3ee9c88084abcf084e998d028680681a8a1cd13688ca70c28354c2ce54b296f418bcca4c4c975a80135c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
28KB

MD5
3ec38409b224878721c9ae8322eb4b13

SHA1
6ddb92ebf7a9721c813484b0490c1c4b2412cd02

SHA256
7734258f838aaf29f9d57432f271271742bb615206d7e1f834ddc6034e75eac5

SHA512
af0ff4f6cf5becf639d4264753b794319b0032afa1a9420d497c5684fd0497be7cf133d3a58452df37e8c8ba9ab7287e24dcc52f8a5c6d5115fb1241dd7acf00

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
35KB

MD5
da574776e0c5cdbed3526f0d1e5e434d

SHA1
6d3c7f853fa5cd4853fcd403fcb8f03a9da5f9b5

SHA256
b386ac23a688143eb74bd4076860fff871d0751fa2b1cf33be6b299cee38ce8f

SHA512
9a52e805750bfc91df43f76c21dd99cdf7268f27cb094dfd37aabfb05fe1f3d72d951779f5d6c3558ab57377a2a78031ff66037a47b00646d7c3be8cc4f53b87

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
38KB

MD5
a9c66a13b04649d18cfd43e69cae47d8

SHA1
a9cf4994558ff93cfaca1bbe9980335582ab0a98

SHA256
9a220f5bffb9c618cc7c1bc6116e053bf46254fc8cdf108dbf9472e9db2db922

SHA512
d2fa978a417c6c20f0caba41e6ef227f5d730fb52c2bf3eafec7d418cafe692469a30cc2f1c37da0aa4c23c052377efda83cbef371670b44cf27b2b6b1462238

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
458cb514bdbf6c762b5baf55cf12a3e2

SHA1
a1a27ee337fc79463574ddc546247e2aac86269e

SHA256
5a08ffb7bb1c0ced4a01e48560f1f95f0fbdc9199d1d0f06a4f45a60b80482b3

SHA512
09944f270ec1e7887a5765685be0c9b49cf5e0ae7e26b4a8a476eef3fcb9ef6fba3ba422b647208f7818e3bbb3c490dca8959e1ed6a4693be458076d9ddec328

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
36ba89945d15199bc36c70871c22bd04

SHA1
8941b35a9c1c6f0ca84d27d18d002fd27bd522bc

SHA256
7a75fb411d96491c4c7882f33d300dbeb1a9a788ad773a593f249a44881eff24

SHA512
87e4212ae21b95e3f27b05bbe1fafc074e4508e16af423e006adf0b51630c1018782a1eb920198506e1c787aded6027e71aa4f1a8212015aa171be79b60f2447

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
54f6d5e98a6ab54de211c9978f3d08b2

SHA1
6e22e7ccb7b266b7cb8e1c1c78ad86343ddab508

SHA256
5db8d114a5e0b74a320afb35df6975ee6b445b1a82a8b6ac72c42d56ee1de3b0

SHA512
1f953fb350780802fc4a1f39b3464474028cd09b9cb0c88b1edce0ee69cc13a140e4acc1fb1075c8d0a2f4fb54f5c8f1e8073e16880218063829052144ba4e74

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
54f6d5e98a6ab54de211c9978f3d08b2

SHA1
6e22e7ccb7b266b7cb8e1c1c78ad86343ddab508

SHA256
5db8d114a5e0b74a320afb35df6975ee6b445b1a82a8b6ac72c42d56ee1de3b0

SHA512
1f953fb350780802fc4a1f39b3464474028cd09b9cb0c88b1edce0ee69cc13a140e4acc1fb1075c8d0a2f4fb54f5c8f1e8073e16880218063829052144ba4e74

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
680B

MD5
e0822c0cd1798087f3c297c3a7347642

SHA1
2d3d67609e341062da0c13e568cee4acea9d7be6

SHA256
a2fa7603cc5d3643042b5c65900220ebec91db68471a29cce63a1946b339ec12

SHA512
65261a06069856e96cb9ac24b9aff9b372e0c55251a15de8b0ed3f7ac9ba5345610a0e6a50b977b8d6186a2fdf7683e006f6c33772378a0c6369001ada273f54

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
801B

MD5
5aa9f9fc2bfee5eb1f23326d291e0918

SHA1
60219e4f9e8e982d0879281b0ff124e2432fe8e4

SHA256
85426c836001ee589d0a71f0537014bd275ffce675190980cd0afc5d27acba51

SHA512
0b5f1ca736a33a8da85b76eb81e6171f53a5e58ea64c43173d0671b9b28509f438c81ca8ea9242d69bfcccf212dda064a440acb2cd9dc97f3dd3d2e8fd64f307

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
848B

MD5
3c91856a54fec6a0ac5f44420683b059

SHA1
b2d6fdf5b2fc212248ed8a9ee7c335966b8520db

SHA256
1462ccac1584ffc7a1cf1e509ba2d7ab21b0f343a4ae8178c26815fea0a59695

SHA512
01a4c0d963bb051c84173cc8343a72ae347224171cfcb0d64e88ede89c486f7c89fdbc84244f91f767b66588bc5b06093a45668e6ec21c5b901532250ce152c6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
906B

MD5
007e764d2fe76d7abf9fc8dd702a94ee

SHA1
b733a72982aab4008be99d92697b3d96cf522e82

SHA256
ad543e63993a79173d539fba6dd12c1d543f20ca0e2cd3cdf4982bdcbcf7f2fa

SHA512
de9c6ea0f79c7b33a8f47a10f5f46c01dbb772d5b3c326cf344ead45986046f2925b1192dc427213cc555992f33e569ef98fa8cbbe9f7bedcb1386d675f62dbc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
906B

MD5
007e764d2fe76d7abf9fc8dd702a94ee

SHA1
b733a72982aab4008be99d92697b3d96cf522e82

SHA256
ad543e63993a79173d539fba6dd12c1d543f20ca0e2cd3cdf4982bdcbcf7f2fa

SHA512
de9c6ea0f79c7b33a8f47a10f5f46c01dbb772d5b3c326cf344ead45986046f2925b1192dc427213cc555992f33e569ef98fa8cbbe9f7bedcb1386d675f62dbc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
1KB

MD5
6d94f8973305958e89c2aa37c4aecd04

SHA1
3897b40f9527242d08478d5e48710fba6f9bbb0c

SHA256
f0ea7d8a1eb19e595137f27455d263dc2beaec4af007a314ba36963346a0d914

SHA512
2563440c13f9adfc6987a8d5ebb56c6e1a71186fd8faef670f068d98b2b7d371a60c585840d51120bf257b7cacaf38cec0347f1ab147c070ffe0165684fe8910

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
1002B

MD5
a01a494708323a2f891b080ec770a3ae

SHA1
0ff33bb79dae857d23cb96d4045ab45287dfd373

SHA256
85af77aa58638b52e78918cea8ed0342177c13b41198e904ceecb45f3ed861e0

SHA512
3fe76db52bc03fbbcb0b16a694c57084b4a506416f406d3fcef96966c7d5680c1e7b162e86563792a297e8cbdb34049fcc23e26d9884d6df64249f9e2f583275

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6c5b0e72620231182623fe0038d3ea92

SHA1
6f4c3e374b7483f61509a3ce44fdae7bd0c11815

SHA256
69d337b30c8a2e4261054ee91c52b56409cc78792137c731d55d629b634355f8

SHA512
f758b4779a9e73eec25fbfa7ed7b7f793db3c5b85b5519463970ec8fec6de70287be7cf19a97c5857e072a868b6d2013450278b4b6da12a11ba839fee28f102b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4beede738b16c62306f6c7cbbdee3d69

SHA1
5a82a3af2af6b31dc50557d1afd25545fc810c6f

SHA256
27c5fdbe0bf4b153d4aebdb5744fabc1bdad592fa9f243068f47fe1c912d4529

SHA512
78edbd43cd1d53d0f1144e2dad348a4e9780037993db7614ac36d224fa0ae87af9f3d58668436322c7fb14aa249125e02da21ff9d05aa6d6c7598adfe442353b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4beede738b16c62306f6c7cbbdee3d69

SHA1
5a82a3af2af6b31dc50557d1afd25545fc810c6f

SHA256
27c5fdbe0bf4b153d4aebdb5744fabc1bdad592fa9f243068f47fe1c912d4529

SHA512
78edbd43cd1d53d0f1144e2dad348a4e9780037993db7614ac36d224fa0ae87af9f3d58668436322c7fb14aa249125e02da21ff9d05aa6d6c7598adfe442353b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4beede738b16c62306f6c7cbbdee3d69

SHA1
5a82a3af2af6b31dc50557d1afd25545fc810c6f

SHA256
27c5fdbe0bf4b153d4aebdb5744fabc1bdad592fa9f243068f47fe1c912d4529

SHA512
78edbd43cd1d53d0f1144e2dad348a4e9780037993db7614ac36d224fa0ae87af9f3d58668436322c7fb14aa249125e02da21ff9d05aa6d6c7598adfe442353b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
79ae526df4f8c11810156f5b3b4b8f5f

SHA1
510298e817d84945e7f003bde97fc167962c03db

SHA256
62542bb2b24adc52f91e254c9e2c09f55d08642f36b06ebb47938d56e73e195f

SHA512
7b28e79729ba32991d13e27f2af76de99aa6d48d127776dbe67ee7d0eaad604d2bb5d6a9fc828dc7ad952350dccf34f85a9a31b3e4a2034f641beb418cbb179c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
79ae526df4f8c11810156f5b3b4b8f5f

SHA1
510298e817d84945e7f003bde97fc167962c03db

SHA256
62542bb2b24adc52f91e254c9e2c09f55d08642f36b06ebb47938d56e73e195f

SHA512
7b28e79729ba32991d13e27f2af76de99aa6d48d127776dbe67ee7d0eaad604d2bb5d6a9fc828dc7ad952350dccf34f85a9a31b3e4a2034f641beb418cbb179c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
79ae526df4f8c11810156f5b3b4b8f5f

SHA1
510298e817d84945e7f003bde97fc167962c03db

SHA256
62542bb2b24adc52f91e254c9e2c09f55d08642f36b06ebb47938d56e73e195f

SHA512
7b28e79729ba32991d13e27f2af76de99aa6d48d127776dbe67ee7d0eaad604d2bb5d6a9fc828dc7ad952350dccf34f85a9a31b3e4a2034f641beb418cbb179c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
79ae526df4f8c11810156f5b3b4b8f5f

SHA1
510298e817d84945e7f003bde97fc167962c03db

SHA256
62542bb2b24adc52f91e254c9e2c09f55d08642f36b06ebb47938d56e73e195f

SHA512
7b28e79729ba32991d13e27f2af76de99aa6d48d127776dbe67ee7d0eaad604d2bb5d6a9fc828dc7ad952350dccf34f85a9a31b3e4a2034f641beb418cbb179c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
79ae526df4f8c11810156f5b3b4b8f5f

SHA1
510298e817d84945e7f003bde97fc167962c03db

SHA256
62542bb2b24adc52f91e254c9e2c09f55d08642f36b06ebb47938d56e73e195f

SHA512
7b28e79729ba32991d13e27f2af76de99aa6d48d127776dbe67ee7d0eaad604d2bb5d6a9fc828dc7ad952350dccf34f85a9a31b3e4a2034f641beb418cbb179c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
79ae526df4f8c11810156f5b3b4b8f5f

SHA1
510298e817d84945e7f003bde97fc167962c03db

SHA256
62542bb2b24adc52f91e254c9e2c09f55d08642f36b06ebb47938d56e73e195f

SHA512
7b28e79729ba32991d13e27f2af76de99aa6d48d127776dbe67ee7d0eaad604d2bb5d6a9fc828dc7ad952350dccf34f85a9a31b3e4a2034f641beb418cbb179c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
79ae526df4f8c11810156f5b3b4b8f5f

SHA1
510298e817d84945e7f003bde97fc167962c03db

SHA256
62542bb2b24adc52f91e254c9e2c09f55d08642f36b06ebb47938d56e73e195f

SHA512
7b28e79729ba32991d13e27f2af76de99aa6d48d127776dbe67ee7d0eaad604d2bb5d6a9fc828dc7ad952350dccf34f85a9a31b3e4a2034f641beb418cbb179c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
f15e19438e31ada42df7207a864a3793

SHA1
229c191be4a00a9689793f4f808cb6f557a8808f

SHA256
b636dd48adcbee625b86015135f1bf970a8e6afde2bc2a9f4cbdefb1d074657d

SHA512
fba67c03bb044f83588d1d0162fbd9887270c229c4adc627c0be59aa6b71e3744f84dfbfe1a225c789a02161ea1d74e7ecdc9cfd86a1145283cb986d18cdf014

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
5f6e9b7e8465f85471a7113a5fb00fb8

SHA1
23f8f3ccad1b4cc24066ef1943a4f323ad1b6269

SHA256
47d5771fc23f81cbb980129d3b9000a8a92001d81a511eb967215b681cafce1d

SHA512
c49fd2354c3467e16c1b65b073eaa73097c1e4bca1545fb71111b8294f626893110bb40796c02b1632ca3ed6b8e3952a85ae652f0f1d53f39127263a39342c0c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
000b9ac785a61abbae95340ea8221f63

SHA1
be90cffb548f33903b506c4f0e990ca324539e29

SHA256
8968795120e0c87beb8f9c9c612c8f8ba051e228c6ebe83fee2a10224327054e

SHA512
bfcadbbe43d06f7228c926b60f9c373bd5f6b52b1074705f07f3036d90e2ce7b95eaf9c93c837752bf5e64bdedc4d50842d4cbc1d90dbfb130a71071686c0890

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
54be3058a9cc36e0a77dc38b969fbff8

SHA1
66ae006c73c005a4b225ee85a914ec02c29999a6

SHA256
66fda09e1aa9a32f3e0ea23a2fd9b45d4d359477b2367c5010d78b761d37aa11

SHA512
27f4211bfe1e69c31844a5194a531e5ba9e77fbc7c7a44b428f905304c1d71264ee2c9a19508f31c6a68990306f54dffdbb85e39e726a974798ed3aaf128a975

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
54be3058a9cc36e0a77dc38b969fbff8

SHA1
66ae006c73c005a4b225ee85a914ec02c29999a6

SHA256
66fda09e1aa9a32f3e0ea23a2fd9b45d4d359477b2367c5010d78b761d37aa11

SHA512
27f4211bfe1e69c31844a5194a531e5ba9e77fbc7c7a44b428f905304c1d71264ee2c9a19508f31c6a68990306f54dffdbb85e39e726a974798ed3aaf128a975

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
54be3058a9cc36e0a77dc38b969fbff8

SHA1
66ae006c73c005a4b225ee85a914ec02c29999a6

SHA256
66fda09e1aa9a32f3e0ea23a2fd9b45d4d359477b2367c5010d78b761d37aa11

SHA512
27f4211bfe1e69c31844a5194a531e5ba9e77fbc7c7a44b428f905304c1d71264ee2c9a19508f31c6a68990306f54dffdbb85e39e726a974798ed3aaf128a975

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
5f1386a64ffc1403bbe4476165d01e71

SHA1
55cac3dfe0795c5c9a131f37b4fc132f1ea09708

SHA256
711fefa0b8ae73e0a26bc5f81b425d8e9d2ed01d47518682e2837be18da5151e

SHA512
7d5835d615779b2f2a7721a1a08ec6b79796191cd3b8d3677d764dace320d486688d77202b1ae28c4e66513277dc5026163fe34470ec7fc03400f867f10b6567

Download Submit
C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\AnyDeskPrintDriver.cat

Filesize
9KB

MD5
6d1663f0754e05a5b181719f2427d20a

SHA1
5affb483e8ca0e73e5b26928a3e47d72dfd1c46e

SHA256
12af5f4e8fc448d02bcfd88a302febe6820a5a497157ef5dca2219c50c1621e3

SHA512
7895f6e35591270bfa9e373b69b55389d250751b56b7ea0d5b10ab770283b8166182c75dca4ebbecdd6e9790dbbfda23130fb4f652545fd39c95619b77195424

Download Submit
C:\Windows\System32\DriverStore\Temp\{97197138-2050-5d4e-969f-19c7a5d580ec}\anydeskprintdriver.inf

Filesize
2KB

MD5
d4ca3f9ceeb46740c6c43826d94aba18

SHA1
d863cb54ad2fa0cfc0329954cbe49f70f49fdb87

SHA256
494e4351b85d2821e53a22434f51a4186aa0f7be5724922fc96dfb16687ad37c

SHA512
be08bc144ee2a491fbc80449b4339c01871c6e7d2ddc0e251475d8e426220c6ef35f67698b0586156f0a62b22db764c43842f577b82c3f9e4e93957f9d617db4

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\printer_driver\v4.cab

Filesize
127KB

MD5
5a4f0869298454215cccf8b3230467b3

SHA1
924d99c6bf1351d83b97df87924b482b6711e095

SHA256
5214e8ff8454c715b10b448e496311b4ff18306ecf9cbb99a97eb0076304ce9a

SHA512
0acf25d5666113ce4b39aa4b17ce307bef1a807af208560471a508d1ecadfa667d80f97c191e187b8ea6af02128d55685a4dd0ddc6dd5aabe8b460f6bc727eee

Download Submit
memory/552-216-0x0000000000630000-0x00000000016AE000-memory.dmp

Filesize
16.5MB

Download
memory/552-180-0x0000000000630000-0x00000000016AE000-memory.dmp

Filesize
16.5MB

Download
memory/1056-201-0x0000000000000000-mapping.dmp

Download
memory/1492-139-0x0000000000E20000-0x0000000001E9E000-memory.dmp

Filesize
16.5MB

Download
memory/1492-165-0x0000000000E20000-0x0000000001E9E000-memory.dmp

Filesize
16.5MB

Download
memory/1492-136-0x0000000000000000-mapping.dmp

Download
memory/1492-141-0x0000000000E20000-0x0000000001E9E000-memory.dmp

Filesize
16.5MB

Download
memory/2256-186-0x0000000000000000-mapping.dmp

Download
memory/3520-198-0x0000000000000000-mapping.dmp

Download
memory/3592-164-0x0000000000E20000-0x0000000001E9E000-memory.dmp

Filesize
16.5MB

Download
memory/3592-137-0x0000000000E20000-0x0000000001E9E000-memory.dmp

Filesize
16.5MB

Download
memory/3592-135-0x0000000000000000-mapping.dmp

Download
memory/3592-178-0x0000000000E20000-0x0000000001E9E000-memory.dmp

Filesize
16.5MB

Download
memory/3968-196-0x0000000000630000-0x00000000016AE000-memory.dmp

Filesize
16.5MB

Download
memory/3968-211-0x0000000000630000-0x00000000016AE000-memory.dmp

Filesize
16.5MB

Download
memory/3968-218-0x0000000000630000-0x00000000016AE000-memory.dmp

Filesize
16.5MB

Download
memory/4320-173-0x0000000000E20000-0x0000000001E9E000-memory.dmp

Filesize
16.5MB

Download
memory/4320-171-0x0000000000000000-mapping.dmp

Download
memory/4320-192-0x0000000000E20000-0x0000000001E9E000-memory.dmp

Filesize
16.5MB

Download
memory/4320-176-0x0000000000E20000-0x0000000001E9E000-memory.dmp

Filesize
16.5MB

Download
memory/4372-190-0x0000000000000000-mapping.dmp

Download
memory/4816-163-0x0000000000E20000-0x0000000001E9E000-memory.dmp

Filesize
16.5MB

Download
memory/4816-132-0x0000000000E20000-0x0000000001E9E000-memory.dmp

Filesize
16.5MB

Download
memory/4816-134-0x0000000000E20000-0x0000000001E9E000-memory.dmp

Filesize
16.5MB

Download
memory/4816-177-0x0000000000E20000-0x0000000001E9E000-memory.dmp

Filesize
16.5MB

Download
memory/4856-195-0x0000000000630000-0x00000000016AE000-memory.dmp

Filesize
16.5MB

Download
memory/4856-188-0x0000000000630000-0x00000000016AE000-memory.dmp

Filesize
16.5MB

Download
memory/4856-217-0x0000000000630000-0x00000000016AE000-memory.dmp

Filesize
16.5MB

Download