fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

Resubmissions

27-01-2023 20:15

230127-y1p1esed41 8

27-01-2023 20:11

230127-yyfc7sda53 8

Analysis

max time kernel
111s
max time network
152s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27-01-2023 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

3.8MB
MD5

e546506082b374a0869bdd97b313fe5d
SHA1

082dc6b336b41788391bad20b26f4b9a1ad724fc
SHA256

fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18
SHA512

15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08
SSDEEP

98304:uSCb8xJlb0VgU/vZaZKa4opQILfbsLajDMWEeq7PbUs6En5:uH8HCOUZakpAbjbsLsMmqM

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

AnyDesk.exeAnyDesk.exeAnyDesk.exe

pid	Process
1372	AnyDesk.exe
1848	AnyDesk.exe
896	AnyDesk.exe

Loads dropped DLL 4 IoCs

Processes:

AnyDesk.exe

pid	Process
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 2 IoCs

Processes:

AnyDesk.exe

description	ioc	Process
File opened for modification	C:\Program Files (x86)\AnyDesk\AnyDesk.exe	AnyDesk.exe
File created	C:\Program Files (x86)\AnyDesk\AnyDesk.exe	AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnyDesk.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Modifies registry class 16 IoCs

Processes:

AnyDesk.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\ = "URL:AnyDesk Protocol"	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\",0"	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\" --play \"%1\""	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\" \"%1\""	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\URL Protocol	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon\ = "AnyDesk.exe,0"	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

AnyDesk.exeAnyDesk.exeAnyDesk.exe

pid	Process
272	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1676	AnyDesk.exe
1372	AnyDesk.exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

pid	Process
1736	AnyDesk.exe
1736	AnyDesk.exe
1736	AnyDesk.exe
1736	AnyDesk.exe
1848	AnyDesk.exe
1848	AnyDesk.exe
1848	AnyDesk.exe

Suspicious use of SendNotifyMessage 7 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

pid	Process
1736	AnyDesk.exe
1736	AnyDesk.exe
1736	AnyDesk.exe
1736	AnyDesk.exe
1848	AnyDesk.exe
1848	AnyDesk.exe
1848	AnyDesk.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

AnyDesk.exe

description	pid	Process	procid_target
PID 1796 wrote to memory of 272	1796	AnyDesk.exe	28
PID 1796 wrote to memory of 272	1796	AnyDesk.exe	28
PID 1796 wrote to memory of 272	1796	AnyDesk.exe	28
PID 1796 wrote to memory of 272	1796	AnyDesk.exe	28
PID 1796 wrote to memory of 1736	1796	AnyDesk.exe	29
PID 1796 wrote to memory of 1736	1796	AnyDesk.exe	29
PID 1796 wrote to memory of 1736	1796	AnyDesk.exe	29
PID 1796 wrote to memory of 1736	1796	AnyDesk.exe	29
PID 1796 wrote to memory of 1676	1796	AnyDesk.exe	31
PID 1796 wrote to memory of 1676	1796	AnyDesk.exe	31
PID 1796 wrote to memory of 1676	1796	AnyDesk.exe	31
PID 1796 wrote to memory of 1676	1796	AnyDesk.exe	31

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:272
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1736
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --install "C:\Program Files (x86)\AnyDesk" --start-with-win --create-shortcuts --create-taskbar-icon --create-desktop-icon --install-driver:mirror --update-main --svc-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf" --sys-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf"
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1676

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1372

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --control
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1848

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --new-install
1⤵
- Executes dropped EXE
PID:896

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\ProgramData\AnyDesk\service.conf

Filesize
2KB

MD5
b155d347184605e1e7f9325e9d9b82a5

SHA1
106c778934fecb8bdebe847620c870689eb44da5

SHA256
23f0640558fcb2d02c900e731c54bd33f2673bc47229b54fe0ebfa51561218f8

SHA512
832e7b9bf0f0b213a77b011c69c3408cb7f67d28678ba12afc1747ceb21cf7c15980d3a2f0929d5672fc7c4717fa0338646094784ea325d206d4debb8de434be

Download Submit
C:\ProgramData\AnyDesk\service.conf

Filesize
2KB

MD5
b155d347184605e1e7f9325e9d9b82a5

SHA1
106c778934fecb8bdebe847620c870689eb44da5

SHA256
23f0640558fcb2d02c900e731c54bd33f2673bc47229b54fe0ebfa51561218f8

SHA512
832e7b9bf0f0b213a77b011c69c3408cb7f67d28678ba12afc1747ceb21cf7c15980d3a2f0929d5672fc7c4717fa0338646094784ea325d206d4debb8de434be

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
540B

MD5
2760034cd58f98c9876fd38eb2f82dbd

SHA1
ce8a676a791f099999163014ee0e32e2375e13eb

SHA256
710dcb0af7fec64ceef2608b7d72b90a18d3236f3ca841c1ceed9b2670848588

SHA512
7c52483f62471fb02e6f891bfd77622d404db4110059f08da92f1f265901d1a5506a8b9f666e592af42d303af6ad1a3052c24693280a97a33fe92e25c6cfbf34

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
540B

MD5
d645ee42223fe76bb6c53a184a3c9cbd

SHA1
ef2c38a63e22a08b2b085b0cdd44cd172758586e

SHA256
aa16816028db071e6ddbb9911d33c5299e866205809e7c644166ecb84d38600e

SHA512
cb197736af5426748f6654862149b6f61d7a1761f0d4aeb6497ea6bf9c15a9caa5bfdadde384fe933381d67a57b8e181c550ed4cb3a378eebb158555118c532c

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
540B

MD5
d645ee42223fe76bb6c53a184a3c9cbd

SHA1
ef2c38a63e22a08b2b085b0cdd44cd172758586e

SHA256
aa16816028db071e6ddbb9911d33c5299e866205809e7c644166ecb84d38600e

SHA512
cb197736af5426748f6654862149b6f61d7a1761f0d4aeb6497ea6bf9c15a9caa5bfdadde384fe933381d67a57b8e181c550ed4cb3a378eebb158555118c532c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
31KB

MD5
e30130469a71c31b584a2d481653885d

SHA1
c5c72dd6acc6a96d60b746dc58776b297f9ae57b

SHA256
21aa817abc4c0dfef40ff0f84687de69f95881e74753e1fc619431d707c566d0

SHA512
484c2da25f7660e8115b3ac1ea9d10e0db3b6fa6690ec1a908c40d865bc98790c4c832fb7bb529ed94d710abece348213c5227c600ee34142714829f1afb9d0a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
38KB

MD5
b4a155bae1c4c5f7e55c7615683debe8

SHA1
90c39976fab6ef34a91faa8386448d5b4db28d69

SHA256
52759dde90e035edec5bf41833ccac16238165ecc77e29d54ea09f32ba621a56

SHA512
89b79b7c6f1e760767f80a26070ce7a465f4c6cd3d6cead7dc59bc9b23de0f055038e235eaa97879525377449a2c7f28fadfa913055d2e8ca84b05b4fbacd89a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
40KB

MD5
f5a9ba901db81dd605a04d66e7077d57

SHA1
7683b1578d04b50dbc5979650849dd63c95706a7

SHA256
0d17005c6015b7c38b17ad5bef77767c350dc9abca980d742ca20c486a14917e

SHA512
f8774ccec93b8e37de421e95e0b675c0a1c4b4e289a9b64aeb0e9e010cf6288721d7052d136d4152dc7a9cbf6f68e5b57ed241ef94513ae65df2f81b86990579

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
27a2ba8c6756f0a73e66ac62a09bc68a

SHA1
31aa71564d34951aae0726e721fdbaf8b3a2c648

SHA256
1d593e8f3028e32f745a7e4ee53643005d39606a137008c6f91b42d9edadb53b

SHA512
6799344f70f6876dd875a0c692cd8eae0e88c136d9e8253b229e3137b586f3e6902d3cb71f272b6ab1692f53ede14ae08b0e63913086ade03cf69fecf085d757

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
13KB

MD5
78af02c03b59c5910050d935b1f9d62c

SHA1
f245f46675e4fbda04aa3284a244b1306098b475

SHA256
9e2dfb85cecd1050a1cc9da8d4871cd0bcd54342634df636b74b1041b22cf3d1

SHA512
990d596c57aac72a0608c07e9c71e039fffa20c29ff71c4599b1d459f6c0361c9ecc1f5bd760aeab3b10ff2b3c978438561e7d5611fa5ac8fee62ebd3e669f49

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
b155d347184605e1e7f9325e9d9b82a5

SHA1
106c778934fecb8bdebe847620c870689eb44da5

SHA256
23f0640558fcb2d02c900e731c54bd33f2673bc47229b54fe0ebfa51561218f8

SHA512
832e7b9bf0f0b213a77b011c69c3408cb7f67d28678ba12afc1747ceb21cf7c15980d3a2f0929d5672fc7c4717fa0338646094784ea325d206d4debb8de434be

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
94f224fd70bbb5ac6635381212a538f6

SHA1
79de00ffd8036ee21b3cf969c406cce5887e033c

SHA256
ead7d2cd841721a8bad65a0e0093c384df9d17cf05ad15f1b2fd89e854a088fd

SHA512
da7e3e384ea30772e4db06f8f9874f8290cd2b9cc71627382d7523685a28db5a0466e96e286cd16d27f69f336a1f93235c2588caacc19f71004c0578d0618eaa

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
3c9fa171f7f682b078de6f59b3634e68

SHA1
0ca6f249f45dbcc27fc78a077c8207d7325abc72

SHA256
67b0227130e2c9d2ac358cf2002f64cc6c21010160d204ba27d9dc2ac9385056

SHA512
00f8a4e1834ae3f4279154ca37513df1dc7b25891f94d6b743ec0295d63c88c861c929cbd9c7ba96d86e0bfdf34cc1d5b4f48a4c5a5616ccf1822f958c3e32a1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
3c9fa171f7f682b078de6f59b3634e68

SHA1
0ca6f249f45dbcc27fc78a077c8207d7325abc72

SHA256
67b0227130e2c9d2ac358cf2002f64cc6c21010160d204ba27d9dc2ac9385056

SHA512
00f8a4e1834ae3f4279154ca37513df1dc7b25891f94d6b743ec0295d63c88c861c929cbd9c7ba96d86e0bfdf34cc1d5b4f48a4c5a5616ccf1822f958c3e32a1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
94f224fd70bbb5ac6635381212a538f6

SHA1
79de00ffd8036ee21b3cf969c406cce5887e033c

SHA256
ead7d2cd841721a8bad65a0e0093c384df9d17cf05ad15f1b2fd89e854a088fd

SHA512
da7e3e384ea30772e4db06f8f9874f8290cd2b9cc71627382d7523685a28db5a0466e96e286cd16d27f69f336a1f93235c2588caacc19f71004c0578d0618eaa

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
482B

MD5
30147fb83d90d133491c11955eadf598

SHA1
65a3bcbdc8d0ae883943869ad6912bd8dbd27294

SHA256
349e7f9e23dc1c64e136d0f9026976f6fbe470d7f27d1345543540dd8f3eec59

SHA512
a682c725fa768c6b0f95afeabdadf0b1ade08c5f4eb6eae326081f632f98ed933477d06efccfedb4992bb180dee5a0e87f1d2d454c535a9ae741296783aa45e1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
482B

MD5
4f6b16f2609cb8e559e0473c31d8e9be

SHA1
ac1e61cbdbfdbee16246daf7bab5bf454509e92a

SHA256
23b67da7f95f58bbc9e9fc1683e261c7ea4352590352c2562bb463f1d6575b24

SHA512
34de8635e176c940fd9d243f6f314849388c08b74c293e48d609c6c92bd31f84596cfeeece40390fdd055400cf5be055dc96ca004c2cbbdc968c7c28e229ed7e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
482B

MD5
4f6b16f2609cb8e559e0473c31d8e9be

SHA1
ac1e61cbdbfdbee16246daf7bab5bf454509e92a

SHA256
23b67da7f95f58bbc9e9fc1683e261c7ea4352590352c2562bb463f1d6575b24

SHA512
34de8635e176c940fd9d243f6f314849388c08b74c293e48d609c6c92bd31f84596cfeeece40390fdd055400cf5be055dc96ca004c2cbbdc968c7c28e229ed7e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
482B

MD5
4f6b16f2609cb8e559e0473c31d8e9be

SHA1
ac1e61cbdbfdbee16246daf7bab5bf454509e92a

SHA256
23b67da7f95f58bbc9e9fc1683e261c7ea4352590352c2562bb463f1d6575b24

SHA512
34de8635e176c940fd9d243f6f314849388c08b74c293e48d609c6c92bd31f84596cfeeece40390fdd055400cf5be055dc96ca004c2cbbdc968c7c28e229ed7e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
3c9fa171f7f682b078de6f59b3634e68

SHA1
0ca6f249f45dbcc27fc78a077c8207d7325abc72

SHA256
67b0227130e2c9d2ac358cf2002f64cc6c21010160d204ba27d9dc2ac9385056

SHA512
00f8a4e1834ae3f4279154ca37513df1dc7b25891f94d6b743ec0295d63c88c861c929cbd9c7ba96d86e0bfdf34cc1d5b4f48a4c5a5616ccf1822f958c3e32a1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
3c9fa171f7f682b078de6f59b3634e68

SHA1
0ca6f249f45dbcc27fc78a077c8207d7325abc72

SHA256
67b0227130e2c9d2ac358cf2002f64cc6c21010160d204ba27d9dc2ac9385056

SHA512
00f8a4e1834ae3f4279154ca37513df1dc7b25891f94d6b743ec0295d63c88c861c929cbd9c7ba96d86e0bfdf34cc1d5b4f48a4c5a5616ccf1822f958c3e32a1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
94f224fd70bbb5ac6635381212a538f6

SHA1
79de00ffd8036ee21b3cf969c406cce5887e033c

SHA256
ead7d2cd841721a8bad65a0e0093c384df9d17cf05ad15f1b2fd89e854a088fd

SHA512
da7e3e384ea30772e4db06f8f9874f8290cd2b9cc71627382d7523685a28db5a0466e96e286cd16d27f69f336a1f93235c2588caacc19f71004c0578d0618eaa

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
3c9fa171f7f682b078de6f59b3634e68

SHA1
0ca6f249f45dbcc27fc78a077c8207d7325abc72

SHA256
67b0227130e2c9d2ac358cf2002f64cc6c21010160d204ba27d9dc2ac9385056

SHA512
00f8a4e1834ae3f4279154ca37513df1dc7b25891f94d6b743ec0295d63c88c861c929cbd9c7ba96d86e0bfdf34cc1d5b4f48a4c5a5616ccf1822f958c3e32a1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
183c13423b491440607e41effbed011e

SHA1
30acf769434b2e487405a67f6a18fe90dedea127

SHA256
5b30b0348d33680da90d879ab0215934ceb3bd5cd7650adc51314ac5907e7112

SHA512
5ca61aea27cf5a615188999d4191bb21ace0638cb3cff217531c5c95111bdeebf21448194aea9c1743c328602c14241ba05e924288d33c7322fc08f406ef0e34

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
1985e85407ca146f195246aef92fa82b

SHA1
efdf85e959311fccf68538bfa55a8e645819cba3

SHA256
927d4aaf2a8ff3bcb1914b115d08523fa22cdbc8f1b0ecc566cb9567cce8ff60

SHA512
9a1a81cdd4e98c24459904cd0dba615f7bbd04fd4267808b470cc58d5335d1e5865b9572b1821c40107468c098e9e8bc69a72d480a8da148b20fd745270b6adc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
1985e85407ca146f195246aef92fa82b

SHA1
efdf85e959311fccf68538bfa55a8e645819cba3

SHA256
927d4aaf2a8ff3bcb1914b115d08523fa22cdbc8f1b0ecc566cb9567cce8ff60

SHA512
9a1a81cdd4e98c24459904cd0dba615f7bbd04fd4267808b470cc58d5335d1e5865b9572b1821c40107468c098e9e8bc69a72d480a8da148b20fd745270b6adc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
b0dd7b3db0d0053d2609f312bc4652db

SHA1
6dd576b75f7fb406ad2e825ca5f4cc03fdf54cee

SHA256
1a7abf0ae89c75458c2fcac8c270814a576744c607e9804cfefe591465a098a0

SHA512
a5fac29ed7134b14f5ac53664ce9623a44721dfcf60bdac1273bdd5696430dafbaf8299bc0a8aabce53547c1441ab0a51afd60dc62c5285a54917582e73e007c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
626abba6c8d2cd91f5db91b219b85d07

SHA1
7da03e625ea7bac42ee2179a4d769104046c9a2d

SHA256
817f2f2688815d71ba56c7e604b10f3f480a4f9ee0706e9d2062e4309634b0d8

SHA512
2bdf50f0b029b6dbb4678cec9bb6092b616aab244c795058eb2fef460b6e72ce011fbe6274c59c6a205c9dc8f8954767bbe8ab19a83de4f5124497ea2b3284a0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
626abba6c8d2cd91f5db91b219b85d07

SHA1
7da03e625ea7bac42ee2179a4d769104046c9a2d

SHA256
817f2f2688815d71ba56c7e604b10f3f480a4f9ee0706e9d2062e4309634b0d8

SHA512
2bdf50f0b029b6dbb4678cec9bb6092b616aab244c795058eb2fef460b6e72ce011fbe6274c59c6a205c9dc8f8954767bbe8ab19a83de4f5124497ea2b3284a0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
9b4688e79f45a41337df4f278f3c3797

SHA1
d8468a751e152195030ef3f67a8c450a9761ae51

SHA256
39d64a697dbf11cdcf8778628025fb30a9a5c2adbc81c0d5f8e2d8dcf4bf606b

SHA512
f74680cb000972bc1d9027d545c474fd01245572937d99de385c824cdb5c4db6742ff73a9973e38c788a568b89a19160587ca9c6a2fb0dc7d2a76ed37c9b12ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
9b4688e79f45a41337df4f278f3c3797

SHA1
d8468a751e152195030ef3f67a8c450a9761ae51

SHA256
39d64a697dbf11cdcf8778628025fb30a9a5c2adbc81c0d5f8e2d8dcf4bf606b

SHA512
f74680cb000972bc1d9027d545c474fd01245572937d99de385c824cdb5c4db6742ff73a9973e38c788a568b89a19160587ca9c6a2fb0dc7d2a76ed37c9b12ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
9b4688e79f45a41337df4f278f3c3797

SHA1
d8468a751e152195030ef3f67a8c450a9761ae51

SHA256
39d64a697dbf11cdcf8778628025fb30a9a5c2adbc81c0d5f8e2d8dcf4bf606b

SHA512
f74680cb000972bc1d9027d545c474fd01245572937d99de385c824cdb5c4db6742ff73a9973e38c788a568b89a19160587ca9c6a2fb0dc7d2a76ed37c9b12ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
9b4688e79f45a41337df4f278f3c3797

SHA1
d8468a751e152195030ef3f67a8c450a9761ae51

SHA256
39d64a697dbf11cdcf8778628025fb30a9a5c2adbc81c0d5f8e2d8dcf4bf606b

SHA512
f74680cb000972bc1d9027d545c474fd01245572937d99de385c824cdb5c4db6742ff73a9973e38c788a568b89a19160587ca9c6a2fb0dc7d2a76ed37c9b12ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
9b4688e79f45a41337df4f278f3c3797

SHA1
d8468a751e152195030ef3f67a8c450a9761ae51

SHA256
39d64a697dbf11cdcf8778628025fb30a9a5c2adbc81c0d5f8e2d8dcf4bf606b

SHA512
f74680cb000972bc1d9027d545c474fd01245572937d99de385c824cdb5c4db6742ff73a9973e38c788a568b89a19160587ca9c6a2fb0dc7d2a76ed37c9b12ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
2f8fdcae4222f106815a97df577e383e

SHA1
6f02f0657b2f3f2a49262d79fd2281f23c446a57

SHA256
bd4887eab03e20818974789613957c7948af039a7578f5d5ecf7ccb5bc41c9d2

SHA512
48ce3abb3bdec8b7701efed8fd7eb78a2e0abf02984b56766d957c66cd71079910f674576e79f09a402eb5b32c31e2130ba7e3545fbe74ef492c2dd11cfa8896

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
a576334630a516923401a85cd37aee70

SHA1
1bf5828cc39435a5c5c515aeaf53c2905096a3d2

SHA256
b1c213080463a921d68798280e12e72e41ae25f03881cda24fb5c0872884fb90

SHA512
a1a095fcffbd0a1c62c0fd96119ad96f731995680dd0d48f0e72c5e4b36011abf4eb201e7984dabc0d19af1bd72ad98434bb921bf31bc8a451129c5aee369045

Download Submit
\??\PIPE\srvsvc

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
memory/272-61-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/272-75-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/272-126-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/272-105-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/272-58-0x0000000000000000-mapping.dmp

Download
memory/896-175-0x0000000001040000-0x00000000020BE000-memory.dmp

Filesize
16.5MB

Download
memory/896-174-0x0000000074291000-0x0000000074293000-memory.dmp

Filesize
8KB

Download
memory/896-158-0x0000000001040000-0x00000000020BE000-memory.dmp

Filesize
16.5MB

Download
memory/1372-135-0x0000000001040000-0x00000000020BE000-memory.dmp

Filesize
16.5MB

Download
memory/1372-168-0x0000000001040000-0x00000000020BE000-memory.dmp

Filesize
16.5MB

Download
memory/1372-149-0x0000000001040000-0x00000000020BE000-memory.dmp

Filesize
16.5MB

Download
memory/1676-156-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/1676-119-0x0000000000000000-mapping.dmp

Download
memory/1676-124-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/1676-121-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/1736-76-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/1736-127-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/1736-106-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/1736-59-0x0000000000000000-mapping.dmp

Download
memory/1736-64-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/1796-81-0x0000000073081000-0x0000000073083000-memory.dmp

Filesize
8KB

Download
memory/1796-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/1796-104-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/1796-57-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/1796-55-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/1796-125-0x00000000011C0000-0x000000000223E000-memory.dmp

Filesize
16.5MB

Download
memory/1848-169-0x0000000001040000-0x00000000020BE000-memory.dmp

Filesize
16.5MB

Download
memory/1848-153-0x0000000001040000-0x00000000020BE000-memory.dmp

Filesize
16.5MB

Download
memory/1848-152-0x0000000001040000-0x00000000020BE000-memory.dmp

Filesize
16.5MB

Download