fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

Analysis

max time kernel
73s
max time network
64s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
17-02-2023 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk (2).exe
Size

3.8MB
MD5

e546506082b374a0869bdd97b313fe5d
SHA1

082dc6b336b41788391bad20b26f4b9a1ad724fc
SHA256

fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18
SHA512

15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08
SSDEEP

98304:uSCb8xJlb0VgU/vZaZKa4opQILfbsLajDMWEeq7PbUs6En5:uH8HCOUZakpAbjbsLsMmqM

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

AnyDesk.exeAnyDesk.exeAnyDesk.exe

pid	Process
1184	AnyDesk.exe
1008	AnyDesk.exe
3716	AnyDesk.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 27 IoCs

Processes:

DrvInst.exe

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\anydeskprintdriver.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\AnyDeskPrintDriver-manifest.ini	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\AnyDeskPrintDriver.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\SET8050.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriverRenderFilter.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver.gpd	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\SET803D.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\SET804F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\SET804F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\SET8060.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\SET803D.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\SET804E.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver-manifest.ini	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\SET803C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\AnyDeskPrintDriverRenderFilter.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\SET8050.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\AnyDeskPrintDriver.gpd	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\SET8060.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\anydeskprintdriver.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\SET803C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\SET804E.tmp	DrvInst.exe

Drops file in Program Files directory 2 IoCs

Processes:

AnyDesk (2).exe

description	ioc	Process
File created	C:\Program Files (x86)\AnyDesk\AnyDesk.exe	AnyDesk (2).exe
File opened for modification	C:\Program Files (x86)\AnyDesk\AnyDesk.exe	AnyDesk (2).exe

Drops file in Windows directory 6 IoCs

Processes:

rundll32.exeDrvInst.exeexpand.exe

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	rundll32.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem2.inf	DrvInst.exe
File created	C:\Windows\inf\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\Logs\DPX\setupact.log	expand.exe
File opened for modification	C:\Windows\Logs\DPX\setuperr.log	expand.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 26 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

DrvInst.exesvchost.exesvchost.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	DrvInst.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnyDesk (2).exeAnyDesk.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk (2).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk (2).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Modifies data under HKEY_USERS 46 IoCs

Processes:

DrvInst.exesvchost.exeAnyDesk.exe

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\SysWOW64\FirewallControlPanel.dll,-12122 = "Windows Firewall"	AnyDesk.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	AnyDesk.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe

Modifies registry class 16 IoCs

Processes:

AnyDesk (2).exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\",0"	AnyDesk (2).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk	AnyDesk (2).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command	AnyDesk (2).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk	AnyDesk (2).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open	AnyDesk (2).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon	AnyDesk (2).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon	AnyDesk (2).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command	AnyDesk (2).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\" --play \"%1\""	AnyDesk (2).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon\ = "AnyDesk.exe,0"	AnyDesk (2).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell	AnyDesk (2).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell	AnyDesk (2).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\URL Protocol	AnyDesk (2).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open	AnyDesk (2).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\" \"%1\""	AnyDesk (2).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\ = "URL:AnyDesk Protocol"	AnyDesk (2).exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

rundll32.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	rundll32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	rundll32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	rundll32.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

AnyDesk (2).exeAnyDesk (2).exeAnyDesk.exeAnyDesk (2).exeAnyDesk (2).exe

pid	Process
2500	AnyDesk (2).exe
2500	AnyDesk (2).exe
4832	AnyDesk (2).exe
4832	AnyDesk (2).exe
1184	AnyDesk.exe
1184	AnyDesk.exe
2352	AnyDesk (2).exe
2352	AnyDesk (2).exe
3264	AnyDesk (2).exe
3264	AnyDesk (2).exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

svchost.exe

description	pid	Process
Token: SeAuditPrivilege	2624	svchost.exe
Token: SeSecurityPrivilege	2624	svchost.exe

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

AnyDesk (2).exeAnyDesk.exe

pid	Process
3264	AnyDesk (2).exe
3264	AnyDesk (2).exe
3264	AnyDesk (2).exe
1008	AnyDesk.exe
1008	AnyDesk.exe
1008	AnyDesk.exe
3264	AnyDesk (2).exe
3264	AnyDesk (2).exe

Suspicious use of SendNotifyMessage 8 IoCs

Processes:

AnyDesk (2).exeAnyDesk.exe

pid	Process
3264	AnyDesk (2).exe
3264	AnyDesk (2).exe
3264	AnyDesk (2).exe
1008	AnyDesk.exe
1008	AnyDesk.exe
1008	AnyDesk.exe
3264	AnyDesk (2).exe
3264	AnyDesk (2).exe

Suspicious use of WriteProcessMemory 19 IoCs

Processes:

AnyDesk (2).exeAnyDesk (2).exesvchost.exeDrvInst.exe

description	pid	Process	procid_target
PID 2352 wrote to memory of 2500	2352	AnyDesk (2).exe	66
PID 2352 wrote to memory of 2500	2352	AnyDesk (2).exe	66
PID 2352 wrote to memory of 2500	2352	AnyDesk (2).exe	66
PID 2352 wrote to memory of 3264	2352	AnyDesk (2).exe	67
PID 2352 wrote to memory of 3264	2352	AnyDesk (2).exe	67
PID 2352 wrote to memory of 3264	2352	AnyDesk (2).exe	67
PID 2352 wrote to memory of 4832	2352	AnyDesk (2).exe	69
PID 2352 wrote to memory of 4832	2352	AnyDesk (2).exe	69
PID 2352 wrote to memory of 4832	2352	AnyDesk (2).exe	69
PID 4832 wrote to memory of 5080	4832	AnyDesk (2).exe	74
PID 4832 wrote to memory of 5080	4832	AnyDesk (2).exe	74
PID 4832 wrote to memory of 5080	4832	AnyDesk (2).exe	74
PID 4832 wrote to memory of 5088	4832	AnyDesk (2).exe	76
PID 4832 wrote to memory of 5088	4832	AnyDesk (2).exe	76
PID 4832 wrote to memory of 5088	4832	AnyDesk (2).exe	76
PID 2624 wrote to memory of 3876	2624	svchost.exe	79
PID 2624 wrote to memory of 3876	2624	svchost.exe	79
PID 3876 wrote to memory of 4484	3876	DrvInst.exe	80
PID 3876 wrote to memory of 4484	3876	DrvInst.exe	80

C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe" --local-control
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3264
- C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk (2).exe" --install "C:\Program Files (x86)\AnyDesk" --start-with-win --create-shortcuts --create-taskbar-icon --create-desktop-icon --install-driver:mirror --install-driver:printer --update-main --svc-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf" --sys-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf"
  2⤵
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4832
- - C:\Windows\SysWOW64\expand.exe
    expand -F:* "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver\v4.cab" "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver"
    3⤵
    - Drops file in Windows directory
    PID:5080
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\System32\rundll32.exe" printui.dll, PrintUIEntry /if /b "AnyDesk Printer" /f "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver\AnyDeskPrintDriver.inf" /r "AD_Port" /m "AnyDesk v4 Printer Driver"
    3⤵
    - Drops file in Windows directory
    - Modifies system certificate store
    PID:5088

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:1184

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --control
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1008

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --new-install
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:3716

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{893c7100-00c7-044b-b914-f97c49b97be8}\anydeskprintdriver.inf" "9" "49a18f3d7" "0000000000000174" "WinSta0\Default" "0000000000000178" "208" "c:\users\admin\appdata\roaming\anydesk\printer_driver"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  - Suspicious use of WriteProcessMemory
  PID:3876
- - C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{01c04fb2-653c-ab4c-b5b1-19b671b4e26d} Global\{da8e11d4-b0bf-584a-b061-933d9196a950} C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\anydeskprintdriver.inf C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\AnyDeskPrintDriver.cat
    3⤵
    PID:4484

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:4056

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\ProgramData\AnyDesk\service.conf

Filesize
2KB

MD5
8348344852660d3ad6fa41aa565441f6

SHA1
6d1cb4f3c825ee5de917664e4e2200cda04b020d

SHA256
534074cad06d3684fb6eae6368fb63e41f5fb557f2158f02ca8056a5ad76eddd

SHA512
5e922e6803bd484652d9160699cbe9f32d2aa36ba9b11319e7eeb6f2d3ef3cf2537a52c82525fbaeba7488315c57f95a3600cba7fc9fd09cc5e6c1aebff2a9a8

Download Submit
C:\ProgramData\AnyDesk\service.conf

Filesize
2KB

MD5
8348344852660d3ad6fa41aa565441f6

SHA1
6d1cb4f3c825ee5de917664e4e2200cda04b020d

SHA256
534074cad06d3684fb6eae6368fb63e41f5fb557f2158f02ca8056a5ad76eddd

SHA512
5e922e6803bd484652d9160699cbe9f32d2aa36ba9b11319e7eeb6f2d3ef3cf2537a52c82525fbaeba7488315c57f95a3600cba7fc9fd09cc5e6c1aebff2a9a8

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
d6f8de9b8c35e77d305291895b512126

SHA1
046fb302f661457ad1cdb01b784200adb5de62d7

SHA256
b853af9eae377c618a867e3f32bff95544de36f43ce4316bc1a64464453a0cee

SHA512
6e059d452b5371c1741d7d1834f7795db2a4545a5e5c2fe18a5e8bb84b5dc5e53f85f96670815d34d0d6f44334dac6a3afd07c16ddddaf9d78f96849bc58a421

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
d6f8de9b8c35e77d305291895b512126

SHA1
046fb302f661457ad1cdb01b784200adb5de62d7

SHA256
b853af9eae377c618a867e3f32bff95544de36f43ce4316bc1a64464453a0cee

SHA512
6e059d452b5371c1741d7d1834f7795db2a4545a5e5c2fe18a5e8bb84b5dc5e53f85f96670815d34d0d6f44334dac6a3afd07c16ddddaf9d78f96849bc58a421

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
d6f8de9b8c35e77d305291895b512126

SHA1
046fb302f661457ad1cdb01b784200adb5de62d7

SHA256
b853af9eae377c618a867e3f32bff95544de36f43ce4316bc1a64464453a0cee

SHA512
6e059d452b5371c1741d7d1834f7795db2a4545a5e5c2fe18a5e8bb84b5dc5e53f85f96670815d34d0d6f44334dac6a3afd07c16ddddaf9d78f96849bc58a421

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
d6f8de9b8c35e77d305291895b512126

SHA1
046fb302f661457ad1cdb01b784200adb5de62d7

SHA256
b853af9eae377c618a867e3f32bff95544de36f43ce4316bc1a64464453a0cee

SHA512
6e059d452b5371c1741d7d1834f7795db2a4545a5e5c2fe18a5e8bb84b5dc5e53f85f96670815d34d0d6f44334dac6a3afd07c16ddddaf9d78f96849bc58a421

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
e673bdfe62c7c0e1bd18c75e72b9c91f

SHA1
6018a64640a220ae2a7b6788a1299740abf0491c

SHA256
eec9263633dd7251c4a34647fa0585005d4c93e56b56ef5dff83a128b50f3059

SHA512
bb7b691b1eebfbb03c44cbedd78c15ce4f2a55ca8a3b65594a88009bb5234ad35eb02b44a82285ee6c236ba966e6831877d78d8c3ab555196db6915737f759b7

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
e673bdfe62c7c0e1bd18c75e72b9c91f

SHA1
6018a64640a220ae2a7b6788a1299740abf0491c

SHA256
eec9263633dd7251c4a34647fa0585005d4c93e56b56ef5dff83a128b50f3059

SHA512
bb7b691b1eebfbb03c44cbedd78c15ce4f2a55ca8a3b65594a88009bb5234ad35eb02b44a82285ee6c236ba966e6831877d78d8c3ab555196db6915737f759b7

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
d6f8de9b8c35e77d305291895b512126

SHA1
046fb302f661457ad1cdb01b784200adb5de62d7

SHA256
b853af9eae377c618a867e3f32bff95544de36f43ce4316bc1a64464453a0cee

SHA512
6e059d452b5371c1741d7d1834f7795db2a4545a5e5c2fe18a5e8bb84b5dc5e53f85f96670815d34d0d6f44334dac6a3afd07c16ddddaf9d78f96849bc58a421

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
e673bdfe62c7c0e1bd18c75e72b9c91f

SHA1
6018a64640a220ae2a7b6788a1299740abf0491c

SHA256
eec9263633dd7251c4a34647fa0585005d4c93e56b56ef5dff83a128b50f3059

SHA512
bb7b691b1eebfbb03c44cbedd78c15ce4f2a55ca8a3b65594a88009bb5234ad35eb02b44a82285ee6c236ba966e6831877d78d8c3ab555196db6915737f759b7

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
d6f8de9b8c35e77d305291895b512126

SHA1
046fb302f661457ad1cdb01b784200adb5de62d7

SHA256
b853af9eae377c618a867e3f32bff95544de36f43ce4316bc1a64464453a0cee

SHA512
6e059d452b5371c1741d7d1834f7795db2a4545a5e5c2fe18a5e8bb84b5dc5e53f85f96670815d34d0d6f44334dac6a3afd07c16ddddaf9d78f96849bc58a421

Download Submit
C:\Users\Admin\AppData\Local\Temp\{893C7~1\AnyDeskPrintDriver-manifest.ini

Filesize
271B

MD5
0d7876b516b908aab67a8e01e49c4ded

SHA1
0900c56619cd785deca4c302972e74d5facd5ec9

SHA256
98933de1b6c34b4221d2dd065715418c85733c2b8cb4bd12ac71d797b78a1753

SHA512
6874f39fff34f9678e22c47b67f5cd33b825c41f0b0fd84041450a94cc86cc94811293ba838f5267c9cd167d9abcf74e00a2f3c65e460c67e668429403124546

Download Submit
C:\Users\Admin\AppData\Local\Temp\{893C7~1\AnyDeskPrintDriver.cat

Filesize
9KB

MD5
6d1663f0754e05a5b181719f2427d20a

SHA1
5affb483e8ca0e73e5b26928a3e47d72dfd1c46e

SHA256
12af5f4e8fc448d02bcfd88a302febe6820a5a497157ef5dca2219c50c1621e3

SHA512
7895f6e35591270bfa9e373b69b55389d250751b56b7ea0d5b10ab770283b8166182c75dca4ebbecdd6e9790dbbfda23130fb4f652545fd39c95619b77195424

Download Submit
C:\Users\Admin\AppData\Local\Temp\{893C7~1\AnyDeskPrintDriver.gpd

Filesize
11KB

MD5
e0d32d133d4fe83b0e90aa22f16f4203

SHA1
a06b053a1324790dfd0780950d14d8fcec8a5eb9

SHA256
6e996f3523bcf961de2ff32e5a35bcbb59cb6fe343357eff930cd4d6fa35f1f4

SHA512
c0d24104d0b6cb15ff952cbef66013e96e5ed2d4d3b4a17aba3e571a1b9f16bd0e5c141e6aabac5651b4a198dbd9e65571c8c871e737eb5dcf47196c87b8907b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{893C7~1\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml

Filesize
584B

MD5
b76df597dd3183163a6d19b73d28e6d3

SHA1
9f7d18a7e09b3818c32c9654fb082a784be35034

SHA256
cba7c721b76bb7245cd0f1fbfdf85073d57512ead2593050cad12ce76886ac33

SHA512
6f74ad6bbbb931fe78a6545bb6735e63c2c11c025253a7cb0c4605e364a1e3ac806338bb62311d715bf791c5a5610ee02942ff5a0280282d68b93708f1317c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\{893C7~1\AnyDeskPrintDriverRenderFilter.dll

Filesize
277KB

MD5
1e4faaf4e348ba202dee66d37eb0b245

SHA1
bb706971bd21f07af31157875e0521631ecf8fa5

SHA256
3aa636e7660be17f841b7f0e380f93fb94f25c62d9100758b1d480cbb863db9d

SHA512
008e59d645b30add7d595d69be48192765dac606801e418eeb79991e0645833abeacfc55aa29dae52dc46aaf22b5c6bc1a9579c2005f4324bece9954ebb182ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\{893c7100-00c7-044b-b914-f97c49b97be8}\anydeskprintdriver.inf

Filesize
2KB

MD5
d4ca3f9ceeb46740c6c43826d94aba18

SHA1
d863cb54ad2fa0cfc0329954cbe49f70f49fdb87

SHA256
494e4351b85d2821e53a22434f51a4186aa0f7be5724922fc96dfb16687ad37c

SHA512
be08bc144ee2a491fbc80449b4339c01871c6e7d2ddc0e251475d8e426220c6ef35f67698b0586156f0a62b22db764c43842f577b82c3f9e4e93957f9d617db4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
d3ed89f0b022ab8e4536aecb912a16de

SHA1
3b994b91a60b06bccc9fd3e9eaf6eef0ed810e68

SHA256
0d66c020818aa7cc0cf76af1246e45e19e059003525af28e3c26abdf45a878cd

SHA512
9433df3f411ff87292f3eb6516499aca2d743856156e46db6706c90706b804ad1215a6d815cd7d1e5cc9271392c687867796d0ac61102d9471ea0fd120cc80ce

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
29ce75c897ee7cd449bdb7828bb4c79d

SHA1
fca5bdfdb34619b30a57b423c2688884af74f110

SHA256
f29e58175910d718624d1d693bfbda67682506747c26fd6cc8d6c70ad7c0ed96

SHA512
7559007e1e41648865d95b467764b7bac1266a6bd4d16a5660d1c8b12c82169ee6ef06abc692b0254b9d582aef5178825cb23930e50ea36eebbedc64c8efc7e9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
26KB

MD5
067fa9ed09e1ffe0b8aec4fa1c64cb46

SHA1
487717d149274c7e5fe46e8e0e6e64d9402007e0

SHA256
16705acf95c0aad2dd28233bfd9b7f6fbfa70387987c66c00f9b539f3840fd97

SHA512
28cee5b885e49f2d6c862b3b0a596917026a448b99ef75ab42fa6226c8ce538994f849b9b93bef7d8273c4894dd5f0688f356dd9dbf2bf6b680325cd55751730

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
33KB

MD5
cad2162f078ec416bc49be6d05b06057

SHA1
93d082be1ed885b5482ba51e3e3627026f2244a3

SHA256
1ec91e472846c696dc564cd3ab47491def9bd74ab2f7a6f8d73cccf35f1e1cd2

SHA512
bf2ce64c9b2382d2bebbb7bb83655e6eb150872399b621730b0e4e389d832b50630ceb239d15dc22bdbd3c242108089655df1f56275cf78a5d385d8d1e44d22f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
41KB

MD5
c5163c116a80a778361603b8ece551e5

SHA1
975a1dc7e56e38eb380d953fc6e743a73a68c31a

SHA256
987d52d5c96feddea8ad710255c23c2caff66e669d951a23afa5948cbb31087b

SHA512
a9bba328bbcfb7072832f473a121d10369c08dfb0693ac79e27d163051cd8fed4a3cbc5b36ea0388c65f9f8d07dbafef6fd1c5e49951a168af72cf7d0aa209ae

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
8348344852660d3ad6fa41aa565441f6

SHA1
6d1cb4f3c825ee5de917664e4e2200cda04b020d

SHA256
534074cad06d3684fb6eae6368fb63e41f5fb557f2158f02ca8056a5ad76eddd

SHA512
5e922e6803bd484652d9160699cbe9f32d2aa36ba9b11319e7eeb6f2d3ef3cf2537a52c82525fbaeba7488315c57f95a3600cba7fc9fd09cc5e6c1aebff2a9a8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
581fd7ae70776a2f8ed06c9774ec6010

SHA1
0bd66d587c29a5a95c25f59324428d952e574694

SHA256
6e715f15bd980fc38a8822013424215e308c917728eb2787ac8bec61f6f4595e

SHA512
d6916e3b73a72e736e403f081296262090535a1297c6b2d41cb6176ecfed6ad766a32947bb9e6573b66ac0d8f66081100c0ac8ebe37a3845b5eb6384e66cb830

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
874af66676ee2a074f130db78c0e17c9

SHA1
314c9949d2f0430c2ac795b0f57e688774359521

SHA256
2f32a884ef5e9ef928ac0ce14bcb0cd4797b5e983a27a29a9f62787bf8b623fe

SHA512
797291bd8874afe319be1116bc8ddb0a476c49dd4a06f24d2f1d46c24b5e2ab44ad33d9fb585e519632d8a7ac027c14637e31ffa1b1cd42ae326449123c6e742

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
581fd7ae70776a2f8ed06c9774ec6010

SHA1
0bd66d587c29a5a95c25f59324428d952e574694

SHA256
6e715f15bd980fc38a8822013424215e308c917728eb2787ac8bec61f6f4595e

SHA512
d6916e3b73a72e736e403f081296262090535a1297c6b2d41cb6176ecfed6ad766a32947bb9e6573b66ac0d8f66081100c0ac8ebe37a3845b5eb6384e66cb830

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
874af66676ee2a074f130db78c0e17c9

SHA1
314c9949d2f0430c2ac795b0f57e688774359521

SHA256
2f32a884ef5e9ef928ac0ce14bcb0cd4797b5e983a27a29a9f62787bf8b623fe

SHA512
797291bd8874afe319be1116bc8ddb0a476c49dd4a06f24d2f1d46c24b5e2ab44ad33d9fb585e519632d8a7ac027c14637e31ffa1b1cd42ae326449123c6e742

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
874af66676ee2a074f130db78c0e17c9

SHA1
314c9949d2f0430c2ac795b0f57e688774359521

SHA256
2f32a884ef5e9ef928ac0ce14bcb0cd4797b5e983a27a29a9f62787bf8b623fe

SHA512
797291bd8874afe319be1116bc8ddb0a476c49dd4a06f24d2f1d46c24b5e2ab44ad33d9fb585e519632d8a7ac027c14637e31ffa1b1cd42ae326449123c6e742

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
581fd7ae70776a2f8ed06c9774ec6010

SHA1
0bd66d587c29a5a95c25f59324428d952e574694

SHA256
6e715f15bd980fc38a8822013424215e308c917728eb2787ac8bec61f6f4595e

SHA512
d6916e3b73a72e736e403f081296262090535a1297c6b2d41cb6176ecfed6ad766a32947bb9e6573b66ac0d8f66081100c0ac8ebe37a3845b5eb6384e66cb830

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
874af66676ee2a074f130db78c0e17c9

SHA1
314c9949d2f0430c2ac795b0f57e688774359521

SHA256
2f32a884ef5e9ef928ac0ce14bcb0cd4797b5e983a27a29a9f62787bf8b623fe

SHA512
797291bd8874afe319be1116bc8ddb0a476c49dd4a06f24d2f1d46c24b5e2ab44ad33d9fb585e519632d8a7ac027c14637e31ffa1b1cd42ae326449123c6e742

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
874af66676ee2a074f130db78c0e17c9

SHA1
314c9949d2f0430c2ac795b0f57e688774359521

SHA256
2f32a884ef5e9ef928ac0ce14bcb0cd4797b5e983a27a29a9f62787bf8b623fe

SHA512
797291bd8874afe319be1116bc8ddb0a476c49dd4a06f24d2f1d46c24b5e2ab44ad33d9fb585e519632d8a7ac027c14637e31ffa1b1cd42ae326449123c6e742

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
64ecda42627ae1c91aca37ad99a35211

SHA1
3c5975ffa83cd9456f48623d70b721ab076b291d

SHA256
979345ed93bdb5827f0b144b01102298fbf5d1488845cf638c0512b299f1f60c

SHA512
2996f3074ec16c9e57ec31e4897ba75293509ee60e7fc96fb26cac5367c8b4517798eaf9949f37a58b74d07860c50b7e859d0bed1f7c4508e908b18668ab89e7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
c663fe39b85722efa66e323c490cebb8

SHA1
2fa6d8296319f043e835cdd357377ec83038adb5

SHA256
162958ce89034c2fd357685cb7259abc41fa7bfe4d7ef678062237b966634e4c

SHA512
5d9580625d8fb6d53eb672ba6cad0f5e910b301d5ced810bc8cba49d655d46b3f0535cd20fd3f025b903655eb6e22b73b835e769589392cc59d52c138fb38b63

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
c663fe39b85722efa66e323c490cebb8

SHA1
2fa6d8296319f043e835cdd357377ec83038adb5

SHA256
162958ce89034c2fd357685cb7259abc41fa7bfe4d7ef678062237b966634e4c

SHA512
5d9580625d8fb6d53eb672ba6cad0f5e910b301d5ced810bc8cba49d655d46b3f0535cd20fd3f025b903655eb6e22b73b835e769589392cc59d52c138fb38b63

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
c663fe39b85722efa66e323c490cebb8

SHA1
2fa6d8296319f043e835cdd357377ec83038adb5

SHA256
162958ce89034c2fd357685cb7259abc41fa7bfe4d7ef678062237b966634e4c

SHA512
5d9580625d8fb6d53eb672ba6cad0f5e910b301d5ced810bc8cba49d655d46b3f0535cd20fd3f025b903655eb6e22b73b835e769589392cc59d52c138fb38b63

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
47334840f372bc4ecf9a8d154824224a

SHA1
ba7e4df68a3aeea8dc729016c69aa51dba1f4056

SHA256
a2b4e588d87650208ae43373d32eae8c2040972499d9dd00018c44bb1aad1478

SHA512
399aa47403140e06fa3f5699bde35a0191f1215e8a4010233ddffd97a97f8b51c4ff50bb3a24a9150dc520905e3349a06bd8423539bfca9992891a789e465228

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6734ca7c9c87b5d89cef6c0429cb7013

SHA1
0d47478f4b15fb2a714daca3919e3ebe4b21e440

SHA256
c14485b40afdd5e19110e31eaccf061801de37bc58ea820ff4a287ad16ab4302

SHA512
25d03d5bc4261d617240b9ae67b2cebe7e126dc496bfa816227a8082a295b7738c1f29410f69f4a65152f65db2864dd41c6f77014881c01781dcc35181889c1d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4eb25b3bc3f1706c9d2950ca686cb2c6

SHA1
5999d67b5cdc086ff8e94bf2f60fb5a4f1bbce48

SHA256
7513b885e0e9b0972e8a5747d7df586741baf2bb3e2774a3082b68305929602d

SHA512
21b48504ba69bb85c65f116d00f1e31c751d899c1f6d9176de3a18e8b68799658fe2d4062a567b2801068df8909f3ca9cf5ec2996a4d8885c7960b6482e93711

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4eb25b3bc3f1706c9d2950ca686cb2c6

SHA1
5999d67b5cdc086ff8e94bf2f60fb5a4f1bbce48

SHA256
7513b885e0e9b0972e8a5747d7df586741baf2bb3e2774a3082b68305929602d

SHA512
21b48504ba69bb85c65f116d00f1e31c751d899c1f6d9176de3a18e8b68799658fe2d4062a567b2801068df8909f3ca9cf5ec2996a4d8885c7960b6482e93711

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
397d3ad380700c7597683ae7d9d9f197

SHA1
0836f407769831f256eb38b8d151ea53c8600dfc

SHA256
a50fb69d390e22b9c67675a9ab861c2d53c326a5b4d76231a109633a9b90495a

SHA512
1e357773500df11cae70e71d14732b3838c23679a85784ef66f11bf5b4b80bf549d14ada479c1e6aad8448a367f1c246e2f67ab6f6a573ab5b862d76a060aacb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0f83acdab0c79d339db116ba6d46b3a3

SHA1
ceed8480d5db014282f659ddecf51dda93da1995

SHA256
e279c6f6d72dc7ea4518e4e3252af893866fbd6c0988cf0bbeb8ab8d0b652163

SHA512
59f8fda5d32b1c6aefc860625e500edb7720d6a1a379d4cf09558f1f96fa6aea535057e55073b9c024ea12a249b08bf7daa892877a4fa043e10550054738a78c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0f83acdab0c79d339db116ba6d46b3a3

SHA1
ceed8480d5db014282f659ddecf51dda93da1995

SHA256
e279c6f6d72dc7ea4518e4e3252af893866fbd6c0988cf0bbeb8ab8d0b652163

SHA512
59f8fda5d32b1c6aefc860625e500edb7720d6a1a379d4cf09558f1f96fa6aea535057e55073b9c024ea12a249b08bf7daa892877a4fa043e10550054738a78c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0f83acdab0c79d339db116ba6d46b3a3

SHA1
ceed8480d5db014282f659ddecf51dda93da1995

SHA256
e279c6f6d72dc7ea4518e4e3252af893866fbd6c0988cf0bbeb8ab8d0b652163

SHA512
59f8fda5d32b1c6aefc860625e500edb7720d6a1a379d4cf09558f1f96fa6aea535057e55073b9c024ea12a249b08bf7daa892877a4fa043e10550054738a78c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0f83acdab0c79d339db116ba6d46b3a3

SHA1
ceed8480d5db014282f659ddecf51dda93da1995

SHA256
e279c6f6d72dc7ea4518e4e3252af893866fbd6c0988cf0bbeb8ab8d0b652163

SHA512
59f8fda5d32b1c6aefc860625e500edb7720d6a1a379d4cf09558f1f96fa6aea535057e55073b9c024ea12a249b08bf7daa892877a4fa043e10550054738a78c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0f83acdab0c79d339db116ba6d46b3a3

SHA1
ceed8480d5db014282f659ddecf51dda93da1995

SHA256
e279c6f6d72dc7ea4518e4e3252af893866fbd6c0988cf0bbeb8ab8d0b652163

SHA512
59f8fda5d32b1c6aefc860625e500edb7720d6a1a379d4cf09558f1f96fa6aea535057e55073b9c024ea12a249b08bf7daa892877a4fa043e10550054738a78c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0f83acdab0c79d339db116ba6d46b3a3

SHA1
ceed8480d5db014282f659ddecf51dda93da1995

SHA256
e279c6f6d72dc7ea4518e4e3252af893866fbd6c0988cf0bbeb8ab8d0b652163

SHA512
59f8fda5d32b1c6aefc860625e500edb7720d6a1a379d4cf09558f1f96fa6aea535057e55073b9c024ea12a249b08bf7daa892877a4fa043e10550054738a78c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
a9a121eabf366ae688094a517af4b289

SHA1
668fe5b7a077b692220843760564037102cf8f91

SHA256
6de24cee37deb9099976dbd483b043f530a31d20e9b9184b91c528cbb6ce196d

SHA512
01c0aa934cec424a48b1907516d9adc72d1aa066ff665e56b1015d504cc9ad65685750fa05b96bfffafe84308bd7a10c9d6b5bc3a438c3c099ac324e97d828bc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
28508ee5a90658996c914fe999c700ee

SHA1
1885181fd9d3d053b58b24a9c7f7fa6b4661f87d

SHA256
a6213a2ac128e109e75785bc71dd277c67f1fbb1ce683ef3fd1faf7f8ac054af

SHA512
99b312092f07b26000f296d05c7b34d1dc9d963a736f0306eb4d14b18d5adca16739e8d9bc8ca207d6efa9f4bc0ec5b0bd88eac577326d9e7765a68393bdfa31

Download Submit
C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\AnyDeskPrintDriver.cat

Filesize
9KB

MD5
6d1663f0754e05a5b181719f2427d20a

SHA1
5affb483e8ca0e73e5b26928a3e47d72dfd1c46e

SHA256
12af5f4e8fc448d02bcfd88a302febe6820a5a497157ef5dca2219c50c1621e3

SHA512
7895f6e35591270bfa9e373b69b55389d250751b56b7ea0d5b10ab770283b8166182c75dca4ebbecdd6e9790dbbfda23130fb4f652545fd39c95619b77195424

Download Submit
C:\Windows\System32\DriverStore\Temp\{0432ce5d-9ab1-484b-88a5-31c12f8dc86e}\anydeskprintdriver.inf

Filesize
2KB

MD5
d4ca3f9ceeb46740c6c43826d94aba18

SHA1
d863cb54ad2fa0cfc0329954cbe49f70f49fdb87

SHA256
494e4351b85d2821e53a22434f51a4186aa0f7be5724922fc96dfb16687ad37c

SHA512
be08bc144ee2a491fbc80449b4339c01871c6e7d2ddc0e251475d8e426220c6ef35f67698b0586156f0a62b22db764c43842f577b82c3f9e4e93957f9d617db4

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\PRINTE~1\AnyDeskPrintDriver-manifest.ini

Filesize
271B

MD5
0d7876b516b908aab67a8e01e49c4ded

SHA1
0900c56619cd785deca4c302972e74d5facd5ec9

SHA256
98933de1b6c34b4221d2dd065715418c85733c2b8cb4bd12ac71d797b78a1753

SHA512
6874f39fff34f9678e22c47b67f5cd33b825c41f0b0fd84041450a94cc86cc94811293ba838f5267c9cd167d9abcf74e00a2f3c65e460c67e668429403124546

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\PRINTE~1\AnyDeskPrintDriver.gpd

Filesize
11KB

MD5
e0d32d133d4fe83b0e90aa22f16f4203

SHA1
a06b053a1324790dfd0780950d14d8fcec8a5eb9

SHA256
6e996f3523bcf961de2ff32e5a35bcbb59cb6fe343357eff930cd4d6fa35f1f4

SHA512
c0d24104d0b6cb15ff952cbef66013e96e5ed2d4d3b4a17aba3e571a1b9f16bd0e5c141e6aabac5651b4a198dbd9e65571c8c871e737eb5dcf47196c87b8907b

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\PRINTE~1\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml

Filesize
584B

MD5
b76df597dd3183163a6d19b73d28e6d3

SHA1
9f7d18a7e09b3818c32c9654fb082a784be35034

SHA256
cba7c721b76bb7245cd0f1fbfdf85073d57512ead2593050cad12ce76886ac33

SHA512
6f74ad6bbbb931fe78a6545bb6735e63c2c11c025253a7cb0c4605e364a1e3ac806338bb62311d715bf791c5a5610ee02942ff5a0280282d68b93708f1317c69

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\PRINTE~1\AnyDeskPrintDriverRenderFilter.dll

Filesize
277KB

MD5
1e4faaf4e348ba202dee66d37eb0b245

SHA1
bb706971bd21f07af31157875e0521631ecf8fa5

SHA256
3aa636e7660be17f841b7f0e380f93fb94f25c62d9100758b1d480cbb863db9d

SHA512
008e59d645b30add7d595d69be48192765dac606801e418eeb79991e0645833abeacfc55aa29dae52dc46aaf22b5c6bc1a9579c2005f4324bece9954ebb182ba

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\printer_driver\AnyDeskPrintDriver.cat

Filesize
9KB

MD5
6d1663f0754e05a5b181719f2427d20a

SHA1
5affb483e8ca0e73e5b26928a3e47d72dfd1c46e

SHA256
12af5f4e8fc448d02bcfd88a302febe6820a5a497157ef5dca2219c50c1621e3

SHA512
7895f6e35591270bfa9e373b69b55389d250751b56b7ea0d5b10ab770283b8166182c75dca4ebbecdd6e9790dbbfda23130fb4f652545fd39c95619b77195424

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\printer_driver\anydeskprintdriver.inf

Filesize
2KB

MD5
d4ca3f9ceeb46740c6c43826d94aba18

SHA1
d863cb54ad2fa0cfc0329954cbe49f70f49fdb87

SHA256
494e4351b85d2821e53a22434f51a4186aa0f7be5724922fc96dfb16687ad37c

SHA512
be08bc144ee2a491fbc80449b4339c01871c6e7d2ddc0e251475d8e426220c6ef35f67698b0586156f0a62b22db764c43842f577b82c3f9e4e93957f9d617db4

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\printer_driver\v4.cab

Filesize
127KB

MD5
5a4f0869298454215cccf8b3230467b3

SHA1
924d99c6bf1351d83b97df87924b482b6711e095

SHA256
5214e8ff8454c715b10b448e496311b4ff18306ecf9cbb99a97eb0076304ce9a

SHA512
0acf25d5666113ce4b39aa4b17ce307bef1a807af208560471a508d1ecadfa667d80f97c191e187b8ea6af02128d55685a4dd0ddc6dd5aabe8b460f6bc727eee

Download Submit
memory/1008-839-0x0000000000B50000-0x0000000001BCE000-memory.dmp

Filesize
16.5MB

Download
memory/1008-539-0x0000000000B50000-0x0000000001BCE000-memory.dmp

Filesize
16.5MB

Download
memory/1184-438-0x0000000000B50000-0x0000000001BCE000-memory.dmp

Filesize
16.5MB

Download
memory/1184-725-0x0000000000B50000-0x0000000001BCE000-memory.dmp

Filesize
16.5MB

Download
memory/2352-138-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-160-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-266-0x0000000000270000-0x00000000012EE000-memory.dmp

Filesize
16.5MB

Download
memory/2352-181-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-180-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-179-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-178-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-177-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-176-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-175-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-174-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-173-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-172-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-171-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-121-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-122-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-170-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-169-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-168-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-123-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-183-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-166-0x0000000000270000-0x00000000012EE000-memory.dmp

Filesize
16.5MB

Download
memory/2352-165-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-124-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-125-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-163-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-162-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-161-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-159-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-127-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-128-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-158-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-126-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-129-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-157-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-156-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-155-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-130-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-154-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-131-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-164-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-132-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-133-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-152-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-184-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-120-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-151-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-150-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-149-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-148-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-147-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-146-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-145-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-144-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-143-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-804-0x0000000000270000-0x00000000012EE000-memory.dmp

Filesize
16.5MB

Download
memory/2352-142-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-141-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-153-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-140-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-139-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-182-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-137-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-135-0x0000000000270000-0x00000000012EE000-memory.dmp

Filesize
16.5MB

Download
memory/2352-136-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2352-134-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2500-185-0x0000000000000000-mapping.dmp

Download
memory/2500-887-0x0000000000270000-0x00000000012EE000-memory.dmp

Filesize
16.5MB

Download
memory/2500-354-0x0000000000270000-0x00000000012EE000-memory.dmp

Filesize
16.5MB

Download
memory/2500-231-0x0000000000270000-0x00000000012EE000-memory.dmp

Filesize
16.5MB

Download
memory/3264-899-0x0000000000270000-0x00000000012EE000-memory.dmp

Filesize
16.5MB

Download
memory/3264-353-0x0000000000270000-0x00000000012EE000-memory.dmp

Filesize
16.5MB

Download
memory/3264-222-0x0000000000270000-0x00000000012EE000-memory.dmp

Filesize
16.5MB

Download
memory/3264-188-0x0000000000000000-mapping.dmp

Download
memory/3716-845-0x0000000000B50000-0x0000000001BCE000-memory.dmp

Filesize
16.5MB

Download
memory/3716-670-0x0000000000B50000-0x0000000001BCE000-memory.dmp

Filesize
16.5MB

Download
memory/3876-808-0x0000000000000000-mapping.dmp

Download
memory/4484-823-0x0000000000000000-mapping.dmp

Download
memory/4832-393-0x0000000000270000-0x00000000012EE000-memory.dmp

Filesize
16.5MB

Download
memory/4832-358-0x0000000000000000-mapping.dmp

Download
memory/4832-629-0x0000000000270000-0x00000000012EE000-memory.dmp

Filesize
16.5MB

Download
memory/4832-673-0x0000000000270000-0x00000000012EE000-memory.dmp

Filesize
16.5MB

Download
memory/5080-515-0x0000000000000000-mapping.dmp

Download
memory/5088-614-0x0000000000000000-mapping.dmp

Download