fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

Analysis

max time kernel
141s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2023 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

3.8MB
MD5

e546506082b374a0869bdd97b313fe5d
SHA1

082dc6b336b41788391bad20b26f4b9a1ad724fc
SHA256

fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18
SHA512

15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08
SSDEEP

98304:uSCb8xJlb0VgU/vZaZKa4opQILfbsLajDMWEeq7PbUs6En5:uH8HCOUZakpAbjbsLsMmqM

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnyDesk.exeAnyDesk.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	AnyDesk.exe

Executes dropped EXE 4 IoCs

Processes:

AnyDesk.exeAnyDesk.exeAnyDesk.exeAnyDesk.exe

pid	Process
4348	AnyDesk.exe
3596	AnyDesk.exe
5068	AnyDesk.exe
3052	AnyDesk.exe

Loads dropped DLL 2 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

pid	Process
3596	AnyDesk.exe
4348	AnyDesk.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 27 IoCs

Processes:

DrvInst.exe

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\SET5C3A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver-manifest.ini	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\SET5C5D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\AnyDeskPrintDriver.gpd	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\AnyDeskPrintDriverRenderFilter.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\SET5C4C.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\SET5C5C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\SET5C5C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver.gpd	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\SET5C3A.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\SET5C4C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\SET5C5D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\SET5C39.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\SET5C39.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\SET5C4B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\anydeskprintdriver.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriverRenderFilter.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\SET5C4B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\AnyDeskPrintDriver.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\anydeskprintdriver.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\AnyDeskPrintDriver-manifest.ini	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml	DrvInst.exe

Drops file in Program Files directory 4 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

description	ioc	Process
File opened for modification	C:\Program Files (x86)\AnyDesk\AnyDesk.exe	AnyDesk.exe
File created	C:\Program Files (x86)\AnyDesk\gcapi.dll	AnyDesk.exe
File opened for modification	C:\Program Files (x86)\AnyDesk\gcapi.dll	AnyDesk.exe
File created	C:\Program Files (x86)\AnyDesk\AnyDesk.exe	AnyDesk.exe

Drops file in Windows directory 7 IoCs

Processes:

rundll32.exesvchost.exeDrvInst.exeexpand.exe

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	rundll32.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\LOGS\DPX\setupact.log	expand.exe
File opened for modification	C:\Windows\LOGS\DPX\setuperr.log	expand.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 26 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exeDrvInst.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnyDesk.exeAnyDesk.exeAnyDesk.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Modifies data under HKEY_USERS 41 IoCs

Processes:

DrvInst.exe

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe

Modifies registry class 16 IoCs

Processes:

AnyDesk.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\ = "URL:AnyDesk Protocol"	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\",0"	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\" --play \"%1\""	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon\ = "AnyDesk.exe,0"	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\" \"%1\""	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\URL Protocol	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell	AnyDesk.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

rundll32.exe

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	rundll32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	rundll32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	rundll32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	rundll32.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

Processes:

AnyDesk.exeAnyDesk.exeAnyDesk.exeAnyDesk.exe

pid	Process
4104	AnyDesk.exe
4104	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
4348	AnyDesk.exe
4348	AnyDesk.exe
3052	AnyDesk.exe
3052	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

svchost.exe

description	pid	Process
Token: SeAuditPrivilege	4984	svchost.exe
Token: SeSecurityPrivilege	4984	svchost.exe

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

pid	Process
4256	AnyDesk.exe
4256	AnyDesk.exe
4256	AnyDesk.exe
3596	AnyDesk.exe
3596	AnyDesk.exe
3596	AnyDesk.exe

Suspicious use of SendNotifyMessage 6 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

pid	Process
4256	AnyDesk.exe
4256	AnyDesk.exe
4256	AnyDesk.exe
3596	AnyDesk.exe
3596	AnyDesk.exe
3596	AnyDesk.exe

Suspicious use of WriteProcessMemory 19 IoCs

Processes:

AnyDesk.exeAnyDesk.exesvchost.exeDrvInst.exe

description	pid	Process	procid_target
PID 2676 wrote to memory of 4104	2676	AnyDesk.exe	81
PID 2676 wrote to memory of 4104	2676	AnyDesk.exe	81
PID 2676 wrote to memory of 4104	2676	AnyDesk.exe	81
PID 2676 wrote to memory of 4256	2676	AnyDesk.exe	82
PID 2676 wrote to memory of 4256	2676	AnyDesk.exe	82
PID 2676 wrote to memory of 4256	2676	AnyDesk.exe	82
PID 2676 wrote to memory of 2860	2676	AnyDesk.exe	83
PID 2676 wrote to memory of 2860	2676	AnyDesk.exe	83
PID 2676 wrote to memory of 2860	2676	AnyDesk.exe	83
PID 2860 wrote to memory of 1924	2860	AnyDesk.exe	88
PID 2860 wrote to memory of 1924	2860	AnyDesk.exe	88
PID 2860 wrote to memory of 1924	2860	AnyDesk.exe	88
PID 2860 wrote to memory of 3136	2860	AnyDesk.exe	90
PID 2860 wrote to memory of 3136	2860	AnyDesk.exe	90
PID 2860 wrote to memory of 3136	2860	AnyDesk.exe	90
PID 4984 wrote to memory of 3548	4984	svchost.exe	93
PID 4984 wrote to memory of 3548	4984	svchost.exe	93
PID 3548 wrote to memory of 3380	3548	DrvInst.exe	94
PID 3548 wrote to memory of 3380	3548	DrvInst.exe	94

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4104
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4256
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --install "C:\Program Files (x86)\AnyDesk" --start-with-win --create-shortcuts --create-taskbar-icon --create-desktop-icon --install-driver:mirror --install-driver:printer --update-main --svc-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf" --sys-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf"
  2⤵
  - Checks computer location settings
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Windows\SysWOW64\expand.exe
    expand -F:* "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver\v4.cab" "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver"
    3⤵
    - Drops file in Windows directory
    PID:1924
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\System32\rundll32.exe" printui.dll, PrintUIEntry /if /b "AnyDesk Printer" /f "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver\AnyDeskPrintDriver.inf" /r "AD_Port" /m "AnyDesk v4 Printer Driver"
    3⤵
    - Drops file in Windows directory
    - Modifies system certificate store
    PID:3136

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:4348

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --control
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3596

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --new-install
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:5068

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{a2737638-76d1-7149-a51c-67f50b240762}\anydeskprintdriver.inf" "9" "49a18f3d7" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "c:\users\admin\appdata\roaming\anydesk\printer_driver"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  - Suspicious use of WriteProcessMemory
  PID:3548
- - C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{d005d272-743d-6b45-a97a-214a674e3825} Global\{e53555f3-3025-8040-a418-c19e5b696ac7} C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\anydeskprintdriver.inf C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\AnyDeskPrintDriver.cat
    3⤵
    PID:3380

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:3052

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.8MB

MD5
e546506082b374a0869bdd97b313fe5d

SHA1
082dc6b336b41788391bad20b26f4b9a1ad724fc

SHA256
fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

SHA512
15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08

Download Submit
C:\ProgramData\AnyDesk\service.conf

Filesize
2KB

MD5
6d334e9cee65d866f917940b607654d6

SHA1
82a22f599b0410da909cf4131a9fa923327bc59d

SHA256
140f0febf389b380768b66f74a17ddf1bfe009bfe16dc7d875578d961ab4f0f7

SHA512
8a91c732a7f1f77b77682d0d899df70803642146dcf231a4fc3e17e82764c5aa722f9a0935d908985bf1bbb98d3ff961ae67f1d18246ff9673ccd60027632cd9

Download Submit
C:\ProgramData\AnyDesk\service.conf

Filesize
2KB

MD5
9afcac0c1515d0287e98bc83b243be1b

SHA1
c2ec67857d58c8414793facdbc8f58d7441a10c3

SHA256
48b28d2c10417fe985fcdbfc21d0398e556c7d3e6a460536df025f14af672ece

SHA512
6889b290b7a407c07636e7b750d4d583c1395101f3bb39fad51a09dee4a8e9a528133d004249471fcc2857cb3b3bd3696d26c0aac51035b5613c7a855ff203dd

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
967B

MD5
705d89d816557c1cfd8aeea558868af3

SHA1
1516bd7421d2b751373813db69f2dc1868cf487c

SHA256
11c5112ab042069ac7f774ce3538925c59f93dbcd0931a9140db306ef68f57cf

SHA512
0af99a8e8cab1ffa3229957565ce37f42d1a7666ec547bea450520e8f8b40eedcd93cb5b4f235ba097c4a4d974158665e3aec7ac33c098282de7c1d17d620d5f

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
967B

MD5
705d89d816557c1cfd8aeea558868af3

SHA1
1516bd7421d2b751373813db69f2dc1868cf487c

SHA256
11c5112ab042069ac7f774ce3538925c59f93dbcd0931a9140db306ef68f57cf

SHA512
0af99a8e8cab1ffa3229957565ce37f42d1a7666ec547bea450520e8f8b40eedcd93cb5b4f235ba097c4a4d974158665e3aec7ac33c098282de7c1d17d620d5f

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
967B

MD5
3ea2f578bbb494fd86183ef1c58bb45b

SHA1
d2473408cb5cf87e18cadb2f900de8a3c7b914ed

SHA256
1d96ea4cf81a038f96c039d7e7553ad4f48d03d117194f9eac98257e012183f6

SHA512
8146cd5eb86a1b89786484f3ed3a28053dbc52e543c0ffe57f4746e594f4f4c931347253bb3d8630275c9d13e71a8c0993cc9b7e29885e959fdaf995d741cce0

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
967B

MD5
3ea2f578bbb494fd86183ef1c58bb45b

SHA1
d2473408cb5cf87e18cadb2f900de8a3c7b914ed

SHA256
1d96ea4cf81a038f96c039d7e7553ad4f48d03d117194f9eac98257e012183f6

SHA512
8146cd5eb86a1b89786484f3ed3a28053dbc52e543c0ffe57f4746e594f4f4c931347253bb3d8630275c9d13e71a8c0993cc9b7e29885e959fdaf995d741cce0

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
967B

MD5
763de836d9dccedaee88d3ff3e3226ac

SHA1
e69bdf54fefc9c6d2c8a851468f3164fc0276848

SHA256
dd11e1770d229cd1d0e7676c2d10019acb42406d81ef9d0a88b4207c7b56963d

SHA512
7f99fe40f6b40c3cd8f9d6e9b5f67233b9763cd07e086936588e6d13c7cc38ec2b0ab063f25183c60b28806ef4d87a1cf66188b2a1fb92b0346994081fcef1d1

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
967B

MD5
0f6b94b46905e75e5100bc4281654f4b

SHA1
982f413dd05a138581c0eeaff3c76ae52a74225d

SHA256
fd969cb489d6ea437fb93dd029f742d9dec7e3e5b9ad1f30ac5eed121fa91674

SHA512
465d52d4eca93b1b48958ea283615e32997f2430dcc68259ddae8c4cac9f6418590d65f8209891ca70ac01c4d6801d86661a6a8483e7db41a8eee3fb480fc1e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A2737~1\AnyDeskPrintDriver-manifest.ini

Filesize
271B

MD5
0d7876b516b908aab67a8e01e49c4ded

SHA1
0900c56619cd785deca4c302972e74d5facd5ec9

SHA256
98933de1b6c34b4221d2dd065715418c85733c2b8cb4bd12ac71d797b78a1753

SHA512
6874f39fff34f9678e22c47b67f5cd33b825c41f0b0fd84041450a94cc86cc94811293ba838f5267c9cd167d9abcf74e00a2f3c65e460c67e668429403124546

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A2737~1\AnyDeskPrintDriver.cat

Filesize
9KB

MD5
6d1663f0754e05a5b181719f2427d20a

SHA1
5affb483e8ca0e73e5b26928a3e47d72dfd1c46e

SHA256
12af5f4e8fc448d02bcfd88a302febe6820a5a497157ef5dca2219c50c1621e3

SHA512
7895f6e35591270bfa9e373b69b55389d250751b56b7ea0d5b10ab770283b8166182c75dca4ebbecdd6e9790dbbfda23130fb4f652545fd39c95619b77195424

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A2737~1\AnyDeskPrintDriver.gpd

Filesize
11KB

MD5
e0d32d133d4fe83b0e90aa22f16f4203

SHA1
a06b053a1324790dfd0780950d14d8fcec8a5eb9

SHA256
6e996f3523bcf961de2ff32e5a35bcbb59cb6fe343357eff930cd4d6fa35f1f4

SHA512
c0d24104d0b6cb15ff952cbef66013e96e5ed2d4d3b4a17aba3e571a1b9f16bd0e5c141e6aabac5651b4a198dbd9e65571c8c871e737eb5dcf47196c87b8907b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A2737~1\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml

Filesize
584B

MD5
b76df597dd3183163a6d19b73d28e6d3

SHA1
9f7d18a7e09b3818c32c9654fb082a784be35034

SHA256
cba7c721b76bb7245cd0f1fbfdf85073d57512ead2593050cad12ce76886ac33

SHA512
6f74ad6bbbb931fe78a6545bb6735e63c2c11c025253a7cb0c4605e364a1e3ac806338bb62311d715bf791c5a5610ee02942ff5a0280282d68b93708f1317c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A2737~1\AnyDeskPrintDriverRenderFilter.dll

Filesize
277KB

MD5
1e4faaf4e348ba202dee66d37eb0b245

SHA1
bb706971bd21f07af31157875e0521631ecf8fa5

SHA256
3aa636e7660be17f841b7f0e380f93fb94f25c62d9100758b1d480cbb863db9d

SHA512
008e59d645b30add7d595d69be48192765dac606801e418eeb79991e0645833abeacfc55aa29dae52dc46aaf22b5c6bc1a9579c2005f4324bece9954ebb182ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\{a2737638-76d1-7149-a51c-67f50b240762}\SET58AF.tmp

Filesize
277KB

MD5
1e4faaf4e348ba202dee66d37eb0b245

SHA1
bb706971bd21f07af31157875e0521631ecf8fa5

SHA256
3aa636e7660be17f841b7f0e380f93fb94f25c62d9100758b1d480cbb863db9d

SHA512
008e59d645b30add7d595d69be48192765dac606801e418eeb79991e0645833abeacfc55aa29dae52dc46aaf22b5c6bc1a9579c2005f4324bece9954ebb182ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\{a2737638-76d1-7149-a51c-67f50b240762}\SET58C0.tmp

Filesize
584B

MD5
b76df597dd3183163a6d19b73d28e6d3

SHA1
9f7d18a7e09b3818c32c9654fb082a784be35034

SHA256
cba7c721b76bb7245cd0f1fbfdf85073d57512ead2593050cad12ce76886ac33

SHA512
6f74ad6bbbb931fe78a6545bb6735e63c2c11c025253a7cb0c4605e364a1e3ac806338bb62311d715bf791c5a5610ee02942ff5a0280282d68b93708f1317c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\{a2737638-76d1-7149-a51c-67f50b240762}\SET58EF.tmp

Filesize
271B

MD5
0d7876b516b908aab67a8e01e49c4ded

SHA1
0900c56619cd785deca4c302972e74d5facd5ec9

SHA256
98933de1b6c34b4221d2dd065715418c85733c2b8cb4bd12ac71d797b78a1753

SHA512
6874f39fff34f9678e22c47b67f5cd33b825c41f0b0fd84041450a94cc86cc94811293ba838f5267c9cd167d9abcf74e00a2f3c65e460c67e668429403124546

Download Submit
C:\Users\Admin\AppData\Local\Temp\{a2737638-76d1-7149-a51c-67f50b240762}\SET58F0.tmp

Filesize
9KB

MD5
6d1663f0754e05a5b181719f2427d20a

SHA1
5affb483e8ca0e73e5b26928a3e47d72dfd1c46e

SHA256
12af5f4e8fc448d02bcfd88a302febe6820a5a497157ef5dca2219c50c1621e3

SHA512
7895f6e35591270bfa9e373b69b55389d250751b56b7ea0d5b10ab770283b8166182c75dca4ebbecdd6e9790dbbfda23130fb4f652545fd39c95619b77195424

Download Submit
C:\Users\Admin\AppData\Local\Temp\{a2737638-76d1-7149-a51c-67f50b240762}\SET58F1.tmp

Filesize
11KB

MD5
e0d32d133d4fe83b0e90aa22f16f4203

SHA1
a06b053a1324790dfd0780950d14d8fcec8a5eb9

SHA256
6e996f3523bcf961de2ff32e5a35bcbb59cb6fe343357eff930cd4d6fa35f1f4

SHA512
c0d24104d0b6cb15ff952cbef66013e96e5ed2d4d3b4a17aba3e571a1b9f16bd0e5c141e6aabac5651b4a198dbd9e65571c8c871e737eb5dcf47196c87b8907b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{a2737638-76d1-7149-a51c-67f50b240762}\SET58F2.tmp

Filesize
2KB

MD5
d4ca3f9ceeb46740c6c43826d94aba18

SHA1
d863cb54ad2fa0cfc0329954cbe49f70f49fdb87

SHA256
494e4351b85d2821e53a22434f51a4186aa0f7be5724922fc96dfb16687ad37c

SHA512
be08bc144ee2a491fbc80449b4339c01871c6e7d2ddc0e251475d8e426220c6ef35f67698b0586156f0a62b22db764c43842f577b82c3f9e4e93957f9d617db4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{a2737638-76d1-7149-a51c-67f50b240762}\anydeskprintdriver.inf

Filesize
2KB

MD5
d4ca3f9ceeb46740c6c43826d94aba18

SHA1
d863cb54ad2fa0cfc0329954cbe49f70f49fdb87

SHA256
494e4351b85d2821e53a22434f51a4186aa0f7be5724922fc96dfb16687ad37c

SHA512
be08bc144ee2a491fbc80449b4339c01871c6e7d2ddc0e251475d8e426220c6ef35f67698b0586156f0a62b22db764c43842f577b82c3f9e4e93957f9d617db4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
a48a8f37a42259250e95b15305fe19e4

SHA1
49dd749186e9e0276e7bb5c6b76d2eca8afc5b3b

SHA256
1f7a1e017e2cd11acb5be00289574756dd28a10a4824afad8089da78e4a1b4e1

SHA512
8545216d84b55e83b0db1f546b14fba979827d4d38dbd523fcb3b9646ad763eb27b7b8f237932bacc575c766ce87419be9a1f33b71933570128e8ecfb5861e43

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
8KB

MD5
f5e43ff487e86b3654d3cd18db4be6b9

SHA1
012d8159ed1fed6bdaeba6a72606438378b49b9a

SHA256
6c53c8bf067720b38efc0120bc679ef1dd34fdf16f324649fbfce27ae8c02d62

SHA512
bccfd65c243497868984977ea73340dd5c6c446b6ce7de46b9c4319dc692e66d8d14dfa3cc357fae79f7eaad99989cce63cdb13867b98ed5eae26a612bda4f94

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
28KB

MD5
c8db7197f2e49bbc99ceb9cac3829571

SHA1
0c0de5f934c5dec6c8bcca8e5934d41b6cd9a15e

SHA256
9d0ec1407fbd0f52f9d6b539c8e9594e7d2c66dc37dfb122319e1523f5921e0e

SHA512
d3c55ef0e2299e9abe1067c28585e0a264005122c98610049ca1d6255cc8c5ebc169bf309557e9ca1aab6d504c5b873cfbbb9b83c4d34957bc3d7f625d0360d6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
32KB

MD5
f5e3773766f7f9e8eb687388b7b83951

SHA1
1874829ed3a641c8027fde0aeb25d4917c8355cd

SHA256
cdcdd4c17a30df833c6db5a755cfdfbc953c6aca88a8d90ddba39d602c425087

SHA512
1af895f2fbf3c1d59393e3ec30bdbd48ab93681f5e171027731e9c08e542e9fa0940fb46ba455f373d501cfc2cdc9d2e2aba2bb1e72a19f5bcc137c2987093f0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
38KB

MD5
062678ae9dfb812cc6002734a3db7cd9

SHA1
1c24ccee4c8dab5ae36881f62cb5e6cf18daa764

SHA256
0d470e07357728b0e2867be53ddd8d8ef8cd11c30d87678bf25e29f3065d25e6

SHA512
3456eedb8673c8cc2e5e62c326e667f002e0ac771b0126e40653314f32474bc92eb7f6d1cbaffdbf090ff467ff53c6c0ed1013b16c4cbd44b1891481cb518526

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
51b8ac398b33739b2448b4451839510d

SHA1
a600ef5828c02d08331e64e39c1a87ccae4024a7

SHA256
a1ebe6c9d1b93d3767f2dc5005959f2ed5e226ea3a9d982f3ba8ebe436576af3

SHA512
63449738ab602994e0b40f54bda72735f8ded91ef59bdd5cc19dd4eb8681c6fb980938e13a6828abe089efaad7c75281d48d4f8745c8c45b410e69a2f2288cd2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
51b8ac398b33739b2448b4451839510d

SHA1
a600ef5828c02d08331e64e39c1a87ccae4024a7

SHA256
a1ebe6c9d1b93d3767f2dc5005959f2ed5e226ea3a9d982f3ba8ebe436576af3

SHA512
63449738ab602994e0b40f54bda72735f8ded91ef59bdd5cc19dd4eb8681c6fb980938e13a6828abe089efaad7c75281d48d4f8745c8c45b410e69a2f2288cd2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
fadd6fea99532b7eabb80fa236cbc87d

SHA1
c58e75d6f94177159961b19c606e2f34900ff1f4

SHA256
883877aaabdda5ee04772ef4c33946519a56b24f2991c82cc61fb05547be8a24

SHA512
4e05e4c28461c4c6150d8d3c52895963f9e03f1dfae10b097f79b75b7beff56bb031f157c3eba84132e4b0e07c9d2851ca7ef585c5433564120ed949c9efbdee

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
782ae1198a93886b0192f940846f857a

SHA1
d269deb5c9aa06a9ff808a15f4ed97c62ca4ba10

SHA256
571fd4dfdb47b048caa4ef87ef4a667f46e9e2681df79c09d0f1ddf529123c3f

SHA512
a0711ecc1a4763563ca60b8663db752e0c734d2f292ac7a8c34425f748b62583e56abd5e2c895cbbd986afd2769e36302ec0c053cd17e7bae326f19e81c9e401

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
782ae1198a93886b0192f940846f857a

SHA1
d269deb5c9aa06a9ff808a15f4ed97c62ca4ba10

SHA256
571fd4dfdb47b048caa4ef87ef4a667f46e9e2681df79c09d0f1ddf529123c3f

SHA512
a0711ecc1a4763563ca60b8663db752e0c734d2f292ac7a8c34425f748b62583e56abd5e2c895cbbd986afd2769e36302ec0c053cd17e7bae326f19e81c9e401

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
611B

MD5
514c5cbc7607fd3c39043c01d6579767

SHA1
3f0a14ee691eba22639ccc8293511fcf74932866

SHA256
f8757fea79a4c2ac82e724bff1e5879f20ec740ca6899a23bb81e638977b2d19

SHA512
9d890fc4643bcad801826d1556d018fd60d6f3f706b6856e8a55cf4b59a78cd436d906051602bdecf94bd95fc8d4f6d5199eb6df7820448490ab877a7d9a3cd3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
611B

MD5
514c5cbc7607fd3c39043c01d6579767

SHA1
3f0a14ee691eba22639ccc8293511fcf74932866

SHA256
f8757fea79a4c2ac82e724bff1e5879f20ec740ca6899a23bb81e638977b2d19

SHA512
9d890fc4643bcad801826d1556d018fd60d6f3f706b6856e8a55cf4b59a78cd436d906051602bdecf94bd95fc8d4f6d5199eb6df7820448490ab877a7d9a3cd3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
680B

MD5
771a4ae674ce124adf1628893f1f2e0c

SHA1
0ea5646768b85fd655bc723d7d877ccb955615e6

SHA256
0806fbb8c4d8a2dd8de5ae00e0d1087cbe7569750096228153c284e1aad3cb23

SHA512
aa4a472f53d049e6491a30ac49968cff23b7679fc104b3ba42bdd88512ac1827276b00243cc763d26ee49210bdb57bdddceb7ffe1bf71099ff1761316aa78231

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
801B

MD5
fed8df6f0e6e620ed94370fb417ce5ac

SHA1
767db5c974a74ae06b8abec76894bab830200e9e

SHA256
b9e809e634291c019f8d546461cc7288690ca3025213b0c302c9bd11cb0ffa87

SHA512
c1776b13c9eb050c21555366c73adfead8c4c2b23c26c0840f68d8a01abc63bd5d239af4b45126877035690c0a7441a4646e28fc23d3f8f5f98391efaacdded2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
848B

MD5
dc65e7b1c5de4ea5961bb9f270cf5dfd

SHA1
0245605e00df90a05681db00a272c95d1b338019

SHA256
53fb4294cf8050798ecc6efefa6fa2dfeb7984de1fb077ea6433234dae22f92d

SHA512
47769034b4bc82e5b94980f49f47c7152a29e7ece29c5573b95ff5dc80bde3e9497e8090bf319838f22c582450d9bde3616cec39d185a0c78683c7791e60eab5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
848B

MD5
dc65e7b1c5de4ea5961bb9f270cf5dfd

SHA1
0245605e00df90a05681db00a272c95d1b338019

SHA256
53fb4294cf8050798ecc6efefa6fa2dfeb7984de1fb077ea6433234dae22f92d

SHA512
47769034b4bc82e5b94980f49f47c7152a29e7ece29c5573b95ff5dc80bde3e9497e8090bf319838f22c582450d9bde3616cec39d185a0c78683c7791e60eab5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
a8a6e4987073790c2887374f5c8ef89a

SHA1
391bd44a50a843b3fd3f5e6f28c86d182204e596

SHA256
40ddf5518e79af6c8b6c2de5314b514650c080387caaeaad3417c7b62f23744d

SHA512
82508a4f72b99c8cbb92d52c158fc7787a2b667ac51a9e94fc8ccf033da792fb14309783a72cf2b7d15cec92ac838ac54c3796c0c5743ed6f0c350fec5dce25a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0579ba5682243511d78218cdd3395fc5

SHA1
c669f66aa78d289f7f194b7b0a95ff453c653a8a

SHA256
4213afb581136e6545f7b2d7358f3ee28bca7f369d4dfc266898fa283385c2c9

SHA512
558a88e9d22d87e687b3b8d5259d1178513c004d8b15b2742c15e7cba7d0c90c3802831e16c5f96a730febb011e5510702fcc152db46319fb8a23eb00f0d3d6c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6f23d3696fd3d55e99af7649a2f35369

SHA1
388cf53074c97b80c1bde67738fb8fe01a457978

SHA256
7cdb32015c35518eb655fd3a65aef4587d8e32bedb4f9892b82d241024e5d38b

SHA512
383dcd8e7e72c76b0f92266e2ec47ff2074e9680fc6607680c191e53cb42b93d96d13ead554db288f025f1be8006ba1e0bff7b81c4bf18a2a4db340d5f1c17ec

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6f23d3696fd3d55e99af7649a2f35369

SHA1
388cf53074c97b80c1bde67738fb8fe01a457978

SHA256
7cdb32015c35518eb655fd3a65aef4587d8e32bedb4f9892b82d241024e5d38b

SHA512
383dcd8e7e72c76b0f92266e2ec47ff2074e9680fc6607680c191e53cb42b93d96d13ead554db288f025f1be8006ba1e0bff7b81c4bf18a2a4db340d5f1c17ec

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6f23d3696fd3d55e99af7649a2f35369

SHA1
388cf53074c97b80c1bde67738fb8fe01a457978

SHA256
7cdb32015c35518eb655fd3a65aef4587d8e32bedb4f9892b82d241024e5d38b

SHA512
383dcd8e7e72c76b0f92266e2ec47ff2074e9680fc6607680c191e53cb42b93d96d13ead554db288f025f1be8006ba1e0bff7b81c4bf18a2a4db340d5f1c17ec

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6f23d3696fd3d55e99af7649a2f35369

SHA1
388cf53074c97b80c1bde67738fb8fe01a457978

SHA256
7cdb32015c35518eb655fd3a65aef4587d8e32bedb4f9892b82d241024e5d38b

SHA512
383dcd8e7e72c76b0f92266e2ec47ff2074e9680fc6607680c191e53cb42b93d96d13ead554db288f025f1be8006ba1e0bff7b81c4bf18a2a4db340d5f1c17ec

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6f23d3696fd3d55e99af7649a2f35369

SHA1
388cf53074c97b80c1bde67738fb8fe01a457978

SHA256
7cdb32015c35518eb655fd3a65aef4587d8e32bedb4f9892b82d241024e5d38b

SHA512
383dcd8e7e72c76b0f92266e2ec47ff2074e9680fc6607680c191e53cb42b93d96d13ead554db288f025f1be8006ba1e0bff7b81c4bf18a2a4db340d5f1c17ec

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6f23d3696fd3d55e99af7649a2f35369

SHA1
388cf53074c97b80c1bde67738fb8fe01a457978

SHA256
7cdb32015c35518eb655fd3a65aef4587d8e32bedb4f9892b82d241024e5d38b

SHA512
383dcd8e7e72c76b0f92266e2ec47ff2074e9680fc6607680c191e53cb42b93d96d13ead554db288f025f1be8006ba1e0bff7b81c4bf18a2a4db340d5f1c17ec

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6f23d3696fd3d55e99af7649a2f35369

SHA1
388cf53074c97b80c1bde67738fb8fe01a457978

SHA256
7cdb32015c35518eb655fd3a65aef4587d8e32bedb4f9892b82d241024e5d38b

SHA512
383dcd8e7e72c76b0f92266e2ec47ff2074e9680fc6607680c191e53cb42b93d96d13ead554db288f025f1be8006ba1e0bff7b81c4bf18a2a4db340d5f1c17ec

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6a82c880774173203ec5a228039c44b9

SHA1
5cb07b66ddc45f8c76e029585a0a8bb2d03ae38b

SHA256
273ab6df50ece864f0e15fed7820a84cfc28bf75181c822eafb89e3733e48dca

SHA512
c46ace28c902a2dffe1a648be4d8f2b4084457ef632954c37845014dbb551122808e525fe9438515ce5bf09ae26d44980ce09046cefb0082679908150e65c5ad

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
aa95a4b8659fe9a587c739fa363f953a

SHA1
c3f22fe0bdc55db4e21a62dec7f6f0e29416eb7f

SHA256
208f6ee4336109c0609ea22d805e644708e473af75cfdacebf370fa9626b6381

SHA512
410752290d04613e27c781237991f7d4ec5d4ae779cfb27aefc6d50dad270123c1dbfceeb34b92bb7e6f92a82095b24b4efb6bbf9c53fbb4b5edb5f726d6b976

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
aa95a4b8659fe9a587c739fa363f953a

SHA1
c3f22fe0bdc55db4e21a62dec7f6f0e29416eb7f

SHA256
208f6ee4336109c0609ea22d805e644708e473af75cfdacebf370fa9626b6381

SHA512
410752290d04613e27c781237991f7d4ec5d4ae779cfb27aefc6d50dad270123c1dbfceeb34b92bb7e6f92a82095b24b4efb6bbf9c53fbb4b5edb5f726d6b976

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
aa95a4b8659fe9a587c739fa363f953a

SHA1
c3f22fe0bdc55db4e21a62dec7f6f0e29416eb7f

SHA256
208f6ee4336109c0609ea22d805e644708e473af75cfdacebf370fa9626b6381

SHA512
410752290d04613e27c781237991f7d4ec5d4ae779cfb27aefc6d50dad270123c1dbfceeb34b92bb7e6f92a82095b24b4efb6bbf9c53fbb4b5edb5f726d6b976

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
aa95a4b8659fe9a587c739fa363f953a

SHA1
c3f22fe0bdc55db4e21a62dec7f6f0e29416eb7f

SHA256
208f6ee4336109c0609ea22d805e644708e473af75cfdacebf370fa9626b6381

SHA512
410752290d04613e27c781237991f7d4ec5d4ae779cfb27aefc6d50dad270123c1dbfceeb34b92bb7e6f92a82095b24b4efb6bbf9c53fbb4b5edb5f726d6b976

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
aa95a4b8659fe9a587c739fa363f953a

SHA1
c3f22fe0bdc55db4e21a62dec7f6f0e29416eb7f

SHA256
208f6ee4336109c0609ea22d805e644708e473af75cfdacebf370fa9626b6381

SHA512
410752290d04613e27c781237991f7d4ec5d4ae779cfb27aefc6d50dad270123c1dbfceeb34b92bb7e6f92a82095b24b4efb6bbf9c53fbb4b5edb5f726d6b976

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
aa95a4b8659fe9a587c739fa363f953a

SHA1
c3f22fe0bdc55db4e21a62dec7f6f0e29416eb7f

SHA256
208f6ee4336109c0609ea22d805e644708e473af75cfdacebf370fa9626b6381

SHA512
410752290d04613e27c781237991f7d4ec5d4ae779cfb27aefc6d50dad270123c1dbfceeb34b92bb7e6f92a82095b24b4efb6bbf9c53fbb4b5edb5f726d6b976

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
aa95a4b8659fe9a587c739fa363f953a

SHA1
c3f22fe0bdc55db4e21a62dec7f6f0e29416eb7f

SHA256
208f6ee4336109c0609ea22d805e644708e473af75cfdacebf370fa9626b6381

SHA512
410752290d04613e27c781237991f7d4ec5d4ae779cfb27aefc6d50dad270123c1dbfceeb34b92bb7e6f92a82095b24b4efb6bbf9c53fbb4b5edb5f726d6b976

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
aa95a4b8659fe9a587c739fa363f953a

SHA1
c3f22fe0bdc55db4e21a62dec7f6f0e29416eb7f

SHA256
208f6ee4336109c0609ea22d805e644708e473af75cfdacebf370fa9626b6381

SHA512
410752290d04613e27c781237991f7d4ec5d4ae779cfb27aefc6d50dad270123c1dbfceeb34b92bb7e6f92a82095b24b4efb6bbf9c53fbb4b5edb5f726d6b976

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
aa95a4b8659fe9a587c739fa363f953a

SHA1
c3f22fe0bdc55db4e21a62dec7f6f0e29416eb7f

SHA256
208f6ee4336109c0609ea22d805e644708e473af75cfdacebf370fa9626b6381

SHA512
410752290d04613e27c781237991f7d4ec5d4ae779cfb27aefc6d50dad270123c1dbfceeb34b92bb7e6f92a82095b24b4efb6bbf9c53fbb4b5edb5f726d6b976

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
aa95a4b8659fe9a587c739fa363f953a

SHA1
c3f22fe0bdc55db4e21a62dec7f6f0e29416eb7f

SHA256
208f6ee4336109c0609ea22d805e644708e473af75cfdacebf370fa9626b6381

SHA512
410752290d04613e27c781237991f7d4ec5d4ae779cfb27aefc6d50dad270123c1dbfceeb34b92bb7e6f92a82095b24b4efb6bbf9c53fbb4b5edb5f726d6b976

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
aa95a4b8659fe9a587c739fa363f953a

SHA1
c3f22fe0bdc55db4e21a62dec7f6f0e29416eb7f

SHA256
208f6ee4336109c0609ea22d805e644708e473af75cfdacebf370fa9626b6381

SHA512
410752290d04613e27c781237991f7d4ec5d4ae779cfb27aefc6d50dad270123c1dbfceeb34b92bb7e6f92a82095b24b4efb6bbf9c53fbb4b5edb5f726d6b976

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
aa95a4b8659fe9a587c739fa363f953a

SHA1
c3f22fe0bdc55db4e21a62dec7f6f0e29416eb7f

SHA256
208f6ee4336109c0609ea22d805e644708e473af75cfdacebf370fa9626b6381

SHA512
410752290d04613e27c781237991f7d4ec5d4ae779cfb27aefc6d50dad270123c1dbfceeb34b92bb7e6f92a82095b24b4efb6bbf9c53fbb4b5edb5f726d6b976

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
f1f706db246ae7e43c4137854c5be9d4

SHA1
740cdfa58d5e6aec769ffbca451803b616667e56

SHA256
fedf546b3a61a0bfdf2fa0208edb1aa10ee1817ee4047b1e889b6f8054697fb5

SHA512
1b36778cf95525a3ba835adc6b829721e3e4a14ef57c7a285547c72e103fca86bc23e71ca64596cc6ae21c97523e2436ca87a9325849ec6e612f1a97015b5027

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4a6e45a49a60ba89531c00b687be672f

SHA1
502073ac9ba0d6d99527438a840b303b0dce0d58

SHA256
e28c30270b82a52b3a700a56f05fa3f0a0663c5f78011600e1293132f89b4c64

SHA512
c397812376a912af8c6ec149b351c31eac792144d9b666bdad3f3a9310d63188c01b64cf91c137a85290c327277b25835d64117f35f89775c5fb5dbb05b7b8b0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
31dabe007709f90a715d441c8efd67ac

SHA1
55cef4dfc70d2fd707d488f6fce6773388914e19

SHA256
544659a4ef973c7b51cc7351db74c848ac7a88a964d9d898f4558c991eb3fa96

SHA512
ac0a55a27472f1f40c1bc58fa3057fa9ab599b0085eb0da06649f0bc0968c76696afe6281d337ccdbf19eb92af1a78c196a522cc0e6a8702b0100fdb06591fd0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
31dabe007709f90a715d441c8efd67ac

SHA1
55cef4dfc70d2fd707d488f6fce6773388914e19

SHA256
544659a4ef973c7b51cc7351db74c848ac7a88a964d9d898f4558c991eb3fa96

SHA512
ac0a55a27472f1f40c1bc58fa3057fa9ab599b0085eb0da06649f0bc0968c76696afe6281d337ccdbf19eb92af1a78c196a522cc0e6a8702b0100fdb06591fd0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
31dabe007709f90a715d441c8efd67ac

SHA1
55cef4dfc70d2fd707d488f6fce6773388914e19

SHA256
544659a4ef973c7b51cc7351db74c848ac7a88a964d9d898f4558c991eb3fa96

SHA512
ac0a55a27472f1f40c1bc58fa3057fa9ab599b0085eb0da06649f0bc0968c76696afe6281d337ccdbf19eb92af1a78c196a522cc0e6a8702b0100fdb06591fd0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
31dabe007709f90a715d441c8efd67ac

SHA1
55cef4dfc70d2fd707d488f6fce6773388914e19

SHA256
544659a4ef973c7b51cc7351db74c848ac7a88a964d9d898f4558c991eb3fa96

SHA512
ac0a55a27472f1f40c1bc58fa3057fa9ab599b0085eb0da06649f0bc0968c76696afe6281d337ccdbf19eb92af1a78c196a522cc0e6a8702b0100fdb06591fd0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
31dabe007709f90a715d441c8efd67ac

SHA1
55cef4dfc70d2fd707d488f6fce6773388914e19

SHA256
544659a4ef973c7b51cc7351db74c848ac7a88a964d9d898f4558c991eb3fa96

SHA512
ac0a55a27472f1f40c1bc58fa3057fa9ab599b0085eb0da06649f0bc0968c76696afe6281d337ccdbf19eb92af1a78c196a522cc0e6a8702b0100fdb06591fd0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
31dabe007709f90a715d441c8efd67ac

SHA1
55cef4dfc70d2fd707d488f6fce6773388914e19

SHA256
544659a4ef973c7b51cc7351db74c848ac7a88a964d9d898f4558c991eb3fa96

SHA512
ac0a55a27472f1f40c1bc58fa3057fa9ab599b0085eb0da06649f0bc0968c76696afe6281d337ccdbf19eb92af1a78c196a522cc0e6a8702b0100fdb06591fd0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
2f5628b723bba7bbef1e04c13006f1fe

SHA1
d9d90a01fab09e6e7a16f973c7efe48afa8441f3

SHA256
083377e9e5eddea30e453c2f1b6fcb9f4e1d891fce3f1fb043dee012139789a9

SHA512
6a5bbb6d464c7d1a55972e755adfede64c2109923ed4914e29cbed1ba25c04db2a4b78df6b02034618c8d6a981594df36b1dc202f2287c094fbf6e3713246928

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
6bda873f3865bdbfcc52303e5effd7f3

SHA1
76f75c41bda65eee7a420a0c388042054e9de230

SHA256
09df0c60d2a9283b873a5e46944da618e3f49acb6bdc2a9e5d42c15b13248018

SHA512
c9b1ccf561a325dc14b0ed897a9602d4cc353efc3627dc975465814569584dfe0f22ca55811a6e9df4f5c4378f63e5cb85df3aadca3bdfa2c84a5a4c7a2a0998

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
93022b8138effba4d3fd477192f912f8

SHA1
9eab8def3d3a4df7c51d560520c08ba9dc363388

SHA256
047ff44d7ae9fce36c2d01e7dfac37f32e989b4386af01194682d7a7f00654b4

SHA512
63905255a027f875ffbcb56e3eb3e3c4cb85654a18b8e590e8ac2d8b9d93f5aa30d850fe9267cb1c030cc325b5758c621e3a41be0bc0bd61196d5a7e29f74506

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
08fb5d2734f67f79e8de76cc15973d8c

SHA1
af5aeb10a186b359d74ef27b017963c83462b466

SHA256
2ce829c067107821acd26eafcf9331835dc5353a47fb62090833aa6873f6448e

SHA512
c100ad2c3f56accf099c352f4b62fab736e3d2e0cbbd5c9421eb75851c84572e6b8e60d66e6f08106729d4bb17857fb29b856b5ad8b46dd955426eab7c1b6177

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
2583b0663fb44e34adc8b566f0228b96

SHA1
c2e8991bd7f509b96af6c1ee009577f3cea7fee4

SHA256
6c970d1ffa9302784208dbe9c6d1fac89dac48dad3eb95a798acb25585d5182f

SHA512
bb3961ff88470a0bc82557a3a3c1d7d58e88b2395978890645175597332c4c5176f66ed64319052550008ebf60d529233efa33b6e734a107054b139b47e67897

Download Submit
C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\AnyDeskPrintDriver.cat

Filesize
9KB

MD5
6d1663f0754e05a5b181719f2427d20a

SHA1
5affb483e8ca0e73e5b26928a3e47d72dfd1c46e

SHA256
12af5f4e8fc448d02bcfd88a302febe6820a5a497157ef5dca2219c50c1621e3

SHA512
7895f6e35591270bfa9e373b69b55389d250751b56b7ea0d5b10ab770283b8166182c75dca4ebbecdd6e9790dbbfda23130fb4f652545fd39c95619b77195424

Download Submit
C:\Windows\System32\DriverStore\Temp\{52eff9b6-3207-4a47-8518-469bb00847b7}\anydeskprintdriver.inf

Filesize
2KB

MD5
d4ca3f9ceeb46740c6c43826d94aba18

SHA1
d863cb54ad2fa0cfc0329954cbe49f70f49fdb87

SHA256
494e4351b85d2821e53a22434f51a4186aa0f7be5724922fc96dfb16687ad37c

SHA512
be08bc144ee2a491fbc80449b4339c01871c6e7d2ddc0e251475d8e426220c6ef35f67698b0586156f0a62b22db764c43842f577b82c3f9e4e93957f9d617db4

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\PRINTE~1\AnyDeskPrintDriver-manifest.ini

Filesize
271B

MD5
0d7876b516b908aab67a8e01e49c4ded

SHA1
0900c56619cd785deca4c302972e74d5facd5ec9

SHA256
98933de1b6c34b4221d2dd065715418c85733c2b8cb4bd12ac71d797b78a1753

SHA512
6874f39fff34f9678e22c47b67f5cd33b825c41f0b0fd84041450a94cc86cc94811293ba838f5267c9cd167d9abcf74e00a2f3c65e460c67e668429403124546

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\PRINTE~1\AnyDeskPrintDriver.gpd

Filesize
11KB

MD5
e0d32d133d4fe83b0e90aa22f16f4203

SHA1
a06b053a1324790dfd0780950d14d8fcec8a5eb9

SHA256
6e996f3523bcf961de2ff32e5a35bcbb59cb6fe343357eff930cd4d6fa35f1f4

SHA512
c0d24104d0b6cb15ff952cbef66013e96e5ed2d4d3b4a17aba3e571a1b9f16bd0e5c141e6aabac5651b4a198dbd9e65571c8c871e737eb5dcf47196c87b8907b

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\PRINTE~1\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml

Filesize
584B

MD5
b76df597dd3183163a6d19b73d28e6d3

SHA1
9f7d18a7e09b3818c32c9654fb082a784be35034

SHA256
cba7c721b76bb7245cd0f1fbfdf85073d57512ead2593050cad12ce76886ac33

SHA512
6f74ad6bbbb931fe78a6545bb6735e63c2c11c025253a7cb0c4605e364a1e3ac806338bb62311d715bf791c5a5610ee02942ff5a0280282d68b93708f1317c69

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\PRINTE~1\AnyDeskPrintDriverRenderFilter.dll

Filesize
277KB

MD5
1e4faaf4e348ba202dee66d37eb0b245

SHA1
bb706971bd21f07af31157875e0521631ecf8fa5

SHA256
3aa636e7660be17f841b7f0e380f93fb94f25c62d9100758b1d480cbb863db9d

SHA512
008e59d645b30add7d595d69be48192765dac606801e418eeb79991e0645833abeacfc55aa29dae52dc46aaf22b5c6bc1a9579c2005f4324bece9954ebb182ba

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\printer_driver\AnyDeskPrintDriver.cat

Filesize
9KB

MD5
6d1663f0754e05a5b181719f2427d20a

SHA1
5affb483e8ca0e73e5b26928a3e47d72dfd1c46e

SHA256
12af5f4e8fc448d02bcfd88a302febe6820a5a497157ef5dca2219c50c1621e3

SHA512
7895f6e35591270bfa9e373b69b55389d250751b56b7ea0d5b10ab770283b8166182c75dca4ebbecdd6e9790dbbfda23130fb4f652545fd39c95619b77195424

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\printer_driver\anydeskprintdriver.inf

Filesize
2KB

MD5
d4ca3f9ceeb46740c6c43826d94aba18

SHA1
d863cb54ad2fa0cfc0329954cbe49f70f49fdb87

SHA256
494e4351b85d2821e53a22434f51a4186aa0f7be5724922fc96dfb16687ad37c

SHA512
be08bc144ee2a491fbc80449b4339c01871c6e7d2ddc0e251475d8e426220c6ef35f67698b0586156f0a62b22db764c43842f577b82c3f9e4e93957f9d617db4

Download Submit
\??\c:\users\admin\appdata\roaming\anydesk\printer_driver\v4.cab

Filesize
127KB

MD5
5a4f0869298454215cccf8b3230467b3

SHA1
924d99c6bf1351d83b97df87924b482b6711e095

SHA256
5214e8ff8454c715b10b448e496311b4ff18306ecf9cbb99a97eb0076304ce9a

SHA512
0acf25d5666113ce4b39aa4b17ce307bef1a807af208560471a508d1ecadfa667d80f97c191e187b8ea6af02128d55685a4dd0ddc6dd5aabe8b460f6bc727eee

Download Submit
memory/2676-353-0x0000000000770000-0x00000000017EE000-memory.dmp

Filesize
16.5MB

Download
memory/2676-362-0x0000000000770000-0x00000000017EE000-memory.dmp

Filesize
16.5MB

Download
memory/2676-133-0x0000000000770000-0x00000000017EE000-memory.dmp

Filesize
16.5MB

Download
memory/2676-135-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download
memory/2676-153-0x00000000054A0000-0x00000000054A1000-memory.dmp

Filesize
4KB

Download
memory/2676-151-0x0000000005490000-0x0000000005491000-memory.dmp

Filesize
4KB

Download
memory/2676-347-0x0000000000770000-0x00000000017EE000-memory.dmp

Filesize
16.5MB

Download
memory/2860-496-0x0000000000770000-0x00000000017EE000-memory.dmp

Filesize
16.5MB

Download
memory/2860-357-0x0000000000770000-0x00000000017EE000-memory.dmp

Filesize
16.5MB

Download
memory/2860-499-0x0000000000770000-0x00000000017EE000-memory.dmp

Filesize
16.5MB

Download
memory/3052-700-0x0000000000580000-0x00000000015FE000-memory.dmp

Filesize
16.5MB

Download
memory/3052-657-0x0000000000580000-0x00000000015FE000-memory.dmp

Filesize
16.5MB

Download
memory/3052-687-0x00000000052B0000-0x00000000052B1000-memory.dmp

Filesize
4KB

Download
memory/3052-688-0x00000000052C0000-0x00000000052C1000-memory.dmp

Filesize
4KB

Download
memory/3052-754-0x0000000000580000-0x00000000015FE000-memory.dmp

Filesize
16.5MB

Download
memory/3052-662-0x0000000001C90000-0x0000000001C91000-memory.dmp

Filesize
4KB

Download
memory/3596-622-0x0000000000580000-0x00000000015FE000-memory.dmp

Filesize
16.5MB

Download
memory/3596-698-0x0000000000580000-0x00000000015FE000-memory.dmp

Filesize
16.5MB

Download
memory/3596-461-0x0000000000580000-0x00000000015FE000-memory.dmp

Filesize
16.5MB

Download
memory/3596-506-0x0000000001DB0000-0x0000000001DB1000-memory.dmp

Filesize
4KB

Download
memory/4104-149-0x0000000000770000-0x00000000017EE000-memory.dmp

Filesize
16.5MB

Download
memory/4104-348-0x0000000000770000-0x00000000017EE000-memory.dmp

Filesize
16.5MB

Download
memory/4256-349-0x0000000000770000-0x00000000017EE000-memory.dmp

Filesize
16.5MB

Download
memory/4256-206-0x0000000001D90000-0x0000000001D91000-memory.dmp

Filesize
4KB

Download
memory/4256-148-0x0000000000770000-0x00000000017EE000-memory.dmp

Filesize
16.5MB

Download
memory/4348-648-0x0000000000580000-0x00000000015FE000-memory.dmp

Filesize
16.5MB

Download
memory/4348-697-0x0000000000580000-0x00000000015FE000-memory.dmp

Filesize
16.5MB

Download
memory/4348-613-0x0000000000580000-0x00000000015FE000-memory.dmp

Filesize
16.5MB

Download
memory/4348-385-0x0000000000580000-0x00000000015FE000-memory.dmp

Filesize
16.5MB

Download
memory/4348-755-0x0000000000580000-0x00000000015FE000-memory.dmp

Filesize
16.5MB

Download
memory/5068-530-0x0000000000580000-0x00000000015FE000-memory.dmp

Filesize
16.5MB

Download
memory/5068-650-0x0000000000580000-0x00000000015FE000-memory.dmp

Filesize
16.5MB

Download
memory/5068-601-0x00000000050C0000-0x00000000050C1000-memory.dmp

Filesize
4KB

Download
memory/5068-623-0x0000000000580000-0x00000000015FE000-memory.dmp

Filesize
16.5MB

Download
memory/5068-612-0x00000000050B0000-0x00000000050B1000-memory.dmp

Filesize
4KB

Download
memory/5068-588-0x0000000003310000-0x0000000003311000-memory.dmp

Filesize
4KB

Download