734f3577aa453fe8e89d6f351a382474a5dab97204aff1e194eee4e9fdff0a4a

Analysis

max time kernel
40s
max time network
41s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13-06-2023 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

3.9MB
MD5

bca01af10aac7833188c47d7fec17196
SHA1

7f7898da333b924bd358aeb9936a944eb8bf3c09
SHA256

734f3577aa453fe8e89d6f351a382474a5dab97204aff1e194eee4e9fdff0a4a
SHA512

4429536226a6f3e72d008525c99bc0e676973be04670f7bb49f93ad20e7c8957ceb945c9eeea3ff47e6a751525976b0f4702e90d682940d225d6cb82a6567032
SSDEEP

49152:6ZeC+Xpi5ZnHuNO7HrDequJVU6GTTC/gZAjj4agcXz75rtelRqEiruLh3fZlTP5t:cpfn7HruwEk00agcD7fkRX6uRfZrnAnC

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\AnyDesk\AnyDesk.exe	AnyDesk.exe
File opened for modification	C:\Program Files (x86)\AnyDesk\AnyDesk.exe	AnyDesk.exe

Executes dropped EXE 1 IoCs

pid	Process
1968	AnyDesk.exe

Loads dropped DLL 4 IoCs

pid	Process
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Modifies registry class 16 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\URL Protocol	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon\ = "AnyDesk.exe,0"	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\" --play \"%1\""	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\ = "URL:AnyDesk Protocol"	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\",0"	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\" \"%1\""	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
1192	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe
1880	AnyDesk.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1380	AnyDesk.exe
1380	AnyDesk.exe
1380	AnyDesk.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1380	AnyDesk.exe
1380	AnyDesk.exe
1380	AnyDesk.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1192	1996	AnyDesk.exe	27
PID 1996 wrote to memory of 1192	1996	AnyDesk.exe	27
PID 1996 wrote to memory of 1192	1996	AnyDesk.exe	27
PID 1996 wrote to memory of 1192	1996	AnyDesk.exe	27
PID 1996 wrote to memory of 1380	1996	AnyDesk.exe	28
PID 1996 wrote to memory of 1380	1996	AnyDesk.exe	28
PID 1996 wrote to memory of 1380	1996	AnyDesk.exe	28
PID 1996 wrote to memory of 1380	1996	AnyDesk.exe	28
PID 1996 wrote to memory of 1880	1996	AnyDesk.exe	30
PID 1996 wrote to memory of 1880	1996	AnyDesk.exe	30
PID 1996 wrote to memory of 1880	1996	AnyDesk.exe	30
PID 1996 wrote to memory of 1880	1996	AnyDesk.exe	30

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1192
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1380
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --install "C:\Program Files (x86)\AnyDesk" --start-with-win --create-shortcuts --create-taskbar-icon --create-desktop-icon --install-driver:mirror --update-main --svc-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf" --sys-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf"
  2⤵
  - Drops file in Program Files directory
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1880

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service
1⤵
- Executes dropped EXE
PID:1968

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.9MB

MD5
bca01af10aac7833188c47d7fec17196

SHA1
7f7898da333b924bd358aeb9936a944eb8bf3c09

SHA256
734f3577aa453fe8e89d6f351a382474a5dab97204aff1e194eee4e9fdff0a4a

SHA512
4429536226a6f3e72d008525c99bc0e676973be04670f7bb49f93ad20e7c8957ceb945c9eeea3ff47e6a751525976b0f4702e90d682940d225d6cb82a6567032

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.9MB

MD5
bca01af10aac7833188c47d7fec17196

SHA1
7f7898da333b924bd358aeb9936a944eb8bf3c09

SHA256
734f3577aa453fe8e89d6f351a382474a5dab97204aff1e194eee4e9fdff0a4a

SHA512
4429536226a6f3e72d008525c99bc0e676973be04670f7bb49f93ad20e7c8957ceb945c9eeea3ff47e6a751525976b0f4702e90d682940d225d6cb82a6567032

Download Submit
C:\ProgramData\AnyDesk\service.conf

Filesize
2KB

MD5
b4aa871cf7a0f6d1a57d38291c883e0d

SHA1
994333b6e1cb36c534f4b34a9db69dac5dac7d46

SHA256
37995fb13ec450ac331e5d15ecd5df41dc12d84b2f95254d2f69b4e6d374e14a

SHA512
adb82bcc1f5d2cb3a7619e1f756b24539a398719e2b0e76d506f7cdff2302a53c2bf9aa43852f58534324bf074ac37ce466e45e1d1552a830fb4cf6ad9baae53

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
66637bc7117668ae9fa3683f29aeb0bd

SHA1
a0fd9bd3431b60944c7473690e92987e1bdff6a5

SHA256
67bd3d2216a38cf5fb8b1d3cbf8a0e3d28b8a3ea5769e3546adcc05e9eeec2a4

SHA512
00fcc7f43de472e759ffe1be9733955f2ec1778f526c1d45760696800d4ab738188b476170730f03690fc0ff4c2614947cdfb07f720c8ffc4cbac7bfdec81efd

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
66637bc7117668ae9fa3683f29aeb0bd

SHA1
a0fd9bd3431b60944c7473690e92987e1bdff6a5

SHA256
67bd3d2216a38cf5fb8b1d3cbf8a0e3d28b8a3ea5769e3546adcc05e9eeec2a4

SHA512
00fcc7f43de472e759ffe1be9733955f2ec1778f526c1d45760696800d4ab738188b476170730f03690fc0ff4c2614947cdfb07f720c8ffc4cbac7bfdec81efd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
52KB

MD5
3616a41f252db21736c9faf7e0fee248

SHA1
69d8da12137bd2ec2f496a9f6e0b2afe5b806c2f

SHA256
67454dcc9e1ff1579e2fc1989760c5561b215a243872036a6a32655372355877

SHA512
10a16ec20aa1922f50edc78e2de375030178722a33e48744aa821cf88df5190c612efbad0f6b03c970b5b59ca1f154a4ef7f164c153203e31589a32f9403b0ac

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
eca8102ff5828d0b1715437dc0ceb8f4

SHA1
0a164fb37d3e173f71bbe257eab0bac25f5c4083

SHA256
f78158432ebd996df29065f45627164ad4465e0a730d3ec12aec9c1394bc1765

SHA512
52c2d9688ea852a9e52de2633e9cd948d15973db8a5a7e0abfc89945feaebabb96275b67703b366af899aa32b036f76573456eae072f67c6c948b0226fcc56e1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
eca8102ff5828d0b1715437dc0ceb8f4

SHA1
0a164fb37d3e173f71bbe257eab0bac25f5c4083

SHA256
f78158432ebd996df29065f45627164ad4465e0a730d3ec12aec9c1394bc1765

SHA512
52c2d9688ea852a9e52de2633e9cd948d15973db8a5a7e0abfc89945feaebabb96275b67703b366af899aa32b036f76573456eae072f67c6c948b0226fcc56e1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
b4aa871cf7a0f6d1a57d38291c883e0d

SHA1
994333b6e1cb36c534f4b34a9db69dac5dac7d46

SHA256
37995fb13ec450ac331e5d15ecd5df41dc12d84b2f95254d2f69b4e6d374e14a

SHA512
adb82bcc1f5d2cb3a7619e1f756b24539a398719e2b0e76d506f7cdff2302a53c2bf9aa43852f58534324bf074ac37ce466e45e1d1552a830fb4cf6ad9baae53

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
b4aa871cf7a0f6d1a57d38291c883e0d

SHA1
994333b6e1cb36c534f4b34a9db69dac5dac7d46

SHA256
37995fb13ec450ac331e5d15ecd5df41dc12d84b2f95254d2f69b4e6d374e14a

SHA512
adb82bcc1f5d2cb3a7619e1f756b24539a398719e2b0e76d506f7cdff2302a53c2bf9aa43852f58534324bf074ac37ce466e45e1d1552a830fb4cf6ad9baae53

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
34754fe1f4abea623be7dadcdaa20cef

SHA1
94a303cf626b30ff9b4b9106d4800b8159d7fc1a

SHA256
2b85e7a88dd938fb6f773969ff3a1cf9f56b0333803a39404b40c086305b0457

SHA512
03fb613f743e56964d9eb3c198727431e496dcd2cb55514081f4cd45ad70a1e1d23300a230c5f6176217eb088274abb285449ce2f8a6743cc30826e402389753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
8e747ab737ae718077b014ded6b82c85

SHA1
ffae1631a1847511af27f43f90d390436ef42a14

SHA256
a1abbc96f47ed84e20767263c97d41e9c6463b67acd3e91e46b1f82a0e548b93

SHA512
2806697471b95c8281e374fc0baf4747aa85b8c14383fdc65c06c0cdb2b5783348ba8d4e4ebc433a1609f23b86d9733aaaa127e8c5f62a44ca3a23dc7ae016e3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
8e747ab737ae718077b014ded6b82c85

SHA1
ffae1631a1847511af27f43f90d390436ef42a14

SHA256
a1abbc96f47ed84e20767263c97d41e9c6463b67acd3e91e46b1f82a0e548b93

SHA512
2806697471b95c8281e374fc0baf4747aa85b8c14383fdc65c06c0cdb2b5783348ba8d4e4ebc433a1609f23b86d9733aaaa127e8c5f62a44ca3a23dc7ae016e3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
34754fe1f4abea623be7dadcdaa20cef

SHA1
94a303cf626b30ff9b4b9106d4800b8159d7fc1a

SHA256
2b85e7a88dd938fb6f773969ff3a1cf9f56b0333803a39404b40c086305b0457

SHA512
03fb613f743e56964d9eb3c198727431e496dcd2cb55514081f4cd45ad70a1e1d23300a230c5f6176217eb088274abb285449ce2f8a6743cc30826e402389753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
8e747ab737ae718077b014ded6b82c85

SHA1
ffae1631a1847511af27f43f90d390436ef42a14

SHA256
a1abbc96f47ed84e20767263c97d41e9c6463b67acd3e91e46b1f82a0e548b93

SHA512
2806697471b95c8281e374fc0baf4747aa85b8c14383fdc65c06c0cdb2b5783348ba8d4e4ebc433a1609f23b86d9733aaaa127e8c5f62a44ca3a23dc7ae016e3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
34754fe1f4abea623be7dadcdaa20cef

SHA1
94a303cf626b30ff9b4b9106d4800b8159d7fc1a

SHA256
2b85e7a88dd938fb6f773969ff3a1cf9f56b0333803a39404b40c086305b0457

SHA512
03fb613f743e56964d9eb3c198727431e496dcd2cb55514081f4cd45ad70a1e1d23300a230c5f6176217eb088274abb285449ce2f8a6743cc30826e402389753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
34754fe1f4abea623be7dadcdaa20cef

SHA1
94a303cf626b30ff9b4b9106d4800b8159d7fc1a

SHA256
2b85e7a88dd938fb6f773969ff3a1cf9f56b0333803a39404b40c086305b0457

SHA512
03fb613f743e56964d9eb3c198727431e496dcd2cb55514081f4cd45ad70a1e1d23300a230c5f6176217eb088274abb285449ce2f8a6743cc30826e402389753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
b4145f93198dc15dff0ab548d4b1d7c0

SHA1
644b500cf4fe0a9c5c7ff270d5b9a6fe00467a3a

SHA256
67b03cea48a8d20c1bf2d6cd06f7e70f30d0c6982252ac00ebc474967acadaec

SHA512
dbe5352b4f9fa3fbe07e0c2a5100b8072f7909d130414408181dd05457403b047d3c3194dba9232334f0fa9072d98f6771ba95e0fe6d982920638b1751e1e75c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6b819111713c16116a82133cbc84042d

SHA1
633c73d2ba8887233bc1c236548b01766d59affe

SHA256
c97db199539050784cb6b05c2e5e3b6909ca351e4af3dd833fe6346b079417e1

SHA512
849b6ad0a9af09b9d55fa5ce1c2102eadfa01d68262b280513b17c0da23a053648a825d4dfa44b753177e4ad462a5686bbf86b8e393c81bf97da6293c17b3a87

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
76b8cf73f43379d284ec51977b187a0b

SHA1
a53e672cdf175dc9e24150ea14cee375c077c0b2

SHA256
dd364ebfa8c3bdec1317fda85c7c788c33e849bddaab59caba353ab30b5b251b

SHA512
a8c2fbd1e95b23dcf7652e9bd411d67f30467de4e0eb2f5064145ff82edd7d17871e1e4b41004facce908e624ee14d42d789fcc2bde4086e5dc2c240d20d785e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
76b8cf73f43379d284ec51977b187a0b

SHA1
a53e672cdf175dc9e24150ea14cee375c077c0b2

SHA256
dd364ebfa8c3bdec1317fda85c7c788c33e849bddaab59caba353ab30b5b251b

SHA512
a8c2fbd1e95b23dcf7652e9bd411d67f30467de4e0eb2f5064145ff82edd7d17871e1e4b41004facce908e624ee14d42d789fcc2bde4086e5dc2c240d20d785e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
76b8cf73f43379d284ec51977b187a0b

SHA1
a53e672cdf175dc9e24150ea14cee375c077c0b2

SHA256
dd364ebfa8c3bdec1317fda85c7c788c33e849bddaab59caba353ab30b5b251b

SHA512
a8c2fbd1e95b23dcf7652e9bd411d67f30467de4e0eb2f5064145ff82edd7d17871e1e4b41004facce908e624ee14d42d789fcc2bde4086e5dc2c240d20d785e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4d8d46da0c6256450d44b561af796bea

SHA1
28f5a32e4e330b850e82cc66c6bebda8b791e57b

SHA256
0223299ecdcac30e394c09d205384333a0a3fba3417ce0b963cc2d768ec2b433

SHA512
ec2f9e207f07595c9dda555ae8423b429751757ef7d732f8d7d6500b3d8163d21f8968e61e7afabeeeba7950ac66996867c6d265653809b768ad7dc03ad66c95

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4d8d46da0c6256450d44b561af796bea

SHA1
28f5a32e4e330b850e82cc66c6bebda8b791e57b

SHA256
0223299ecdcac30e394c09d205384333a0a3fba3417ce0b963cc2d768ec2b433

SHA512
ec2f9e207f07595c9dda555ae8423b429751757ef7d732f8d7d6500b3d8163d21f8968e61e7afabeeeba7950ac66996867c6d265653809b768ad7dc03ad66c95

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ccd71eefc256c54039f0930e4b17c4ab

SHA1
eb22a83e4865eff643d5fa727093b2883c7345c5

SHA256
1c9793c708b3e528843e18e37b7914a67b95031c249f1e846de3cd4ffc8b8dc4

SHA512
ff687a3c9ce3d30fa08ce6b3f844e754d6bce909522527da9cba707b977afa899da67f643346e9576be8d24dd232c42ce992a68e6819edcb9584110ad1959a56

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
99f1d214c2cfd01855712a30ff24fe85

SHA1
c81be2fbfd058afe97c959c42a9c9a3ad990a921

SHA256
50ffb2c36cc862abc41ca6b5df911409016ae2c4d98b497d5eb9e5f45448f33b

SHA512
9cf8b9554556aa8ff6bfbaa48b94c0fb76057b03c11584dee5539827ca188e5cff3dcb11f3a548e2e64367a427a77f1c1436237abe03016b81741c83ba9e2b8a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
d8d5cec5fcf221aa03828df4decd9842

SHA1
705ed8565ef6db2190178b45e68af701df9f4a91

SHA256
53778a159a974f35a6d9c7b8d064e5ce55e59107b532f29fe68facf3c908ef49

SHA512
1f5c451ec6cd13efb9b2be233732451a80dae97707cffbeb76a88d6ed6550a160ccabe4c8955969576bc34fdaed1552742cdc5173bed859028aab32046f47927

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
d8d5cec5fcf221aa03828df4decd9842

SHA1
705ed8565ef6db2190178b45e68af701df9f4a91

SHA256
53778a159a974f35a6d9c7b8d064e5ce55e59107b532f29fe68facf3c908ef49

SHA512
1f5c451ec6cd13efb9b2be233732451a80dae97707cffbeb76a88d6ed6550a160ccabe4c8955969576bc34fdaed1552742cdc5173bed859028aab32046f47927

Download Submit
\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.9MB

MD5
bca01af10aac7833188c47d7fec17196

SHA1
7f7898da333b924bd358aeb9936a944eb8bf3c09

SHA256
734f3577aa453fe8e89d6f351a382474a5dab97204aff1e194eee4e9fdff0a4a

SHA512
4429536226a6f3e72d008525c99bc0e676973be04670f7bb49f93ad20e7c8957ceb945c9eeea3ff47e6a751525976b0f4702e90d682940d225d6cb82a6567032

Download Submit
\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.9MB

MD5
bca01af10aac7833188c47d7fec17196

SHA1
7f7898da333b924bd358aeb9936a944eb8bf3c09

SHA256
734f3577aa453fe8e89d6f351a382474a5dab97204aff1e194eee4e9fdff0a4a

SHA512
4429536226a6f3e72d008525c99bc0e676973be04670f7bb49f93ad20e7c8957ceb945c9eeea3ff47e6a751525976b0f4702e90d682940d225d6cb82a6567032

Download Submit
\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.9MB

MD5
bca01af10aac7833188c47d7fec17196

SHA1
7f7898da333b924bd358aeb9936a944eb8bf3c09

SHA256
734f3577aa453fe8e89d6f351a382474a5dab97204aff1e194eee4e9fdff0a4a

SHA512
4429536226a6f3e72d008525c99bc0e676973be04670f7bb49f93ad20e7c8957ceb945c9eeea3ff47e6a751525976b0f4702e90d682940d225d6cb82a6567032

Download Submit
\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.9MB

MD5
bca01af10aac7833188c47d7fec17196

SHA1
7f7898da333b924bd358aeb9936a944eb8bf3c09

SHA256
734f3577aa453fe8e89d6f351a382474a5dab97204aff1e194eee4e9fdff0a4a

SHA512
4429536226a6f3e72d008525c99bc0e676973be04670f7bb49f93ad20e7c8957ceb945c9eeea3ff47e6a751525976b0f4702e90d682940d225d6cb82a6567032

Download Submit
memory/1192-375-0x0000000000B80000-0x0000000001C04000-memory.dmp

Filesize
16.5MB

Download
memory/1192-63-0x0000000000B80000-0x0000000001C04000-memory.dmp

Filesize
16.5MB

Download
memory/1192-255-0x0000000000B80000-0x0000000001C04000-memory.dmp

Filesize
16.5MB

Download
memory/1192-400-0x0000000000B80000-0x0000000001C04000-memory.dmp

Filesize
16.5MB

Download
memory/1380-85-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1380-64-0x0000000000B80000-0x0000000001C04000-memory.dmp

Filesize
16.5MB

Download
memory/1380-258-0x0000000000B80000-0x0000000001C04000-memory.dmp

Filesize
16.5MB

Download
memory/1880-385-0x0000000000B80000-0x0000000001C04000-memory.dmp

Filesize
16.5MB

Download
memory/1880-427-0x0000000000B80000-0x0000000001C04000-memory.dmp

Filesize
16.5MB

Download
memory/1968-428-0x0000000000230000-0x00000000012B4000-memory.dmp

Filesize
16.5MB

Download
memory/1996-80-0x0000000000B60000-0x0000000000B61000-memory.dmp

Filesize
4KB

Download
memory/1996-394-0x0000000000B80000-0x0000000001C04000-memory.dmp

Filesize
16.5MB

Download
memory/1996-81-0x0000000000B70000-0x0000000000B71000-memory.dmp

Filesize
4KB

Download
memory/1996-231-0x0000000000B80000-0x0000000001C04000-memory.dmp

Filesize
16.5MB

Download
memory/1996-54-0x0000000000B80000-0x0000000001C04000-memory.dmp

Filesize
16.5MB

Download
memory/1996-56-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download