Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
anydesk.exe

Overview

General Information

Sample Name:anydesk.exe
Analysis ID:1295586
MD5:30c9c57aa570088d745fac7bfd05b805
SHA1:d579d18848859614e219afa6332d410e0ca71fc3
SHA256:8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383
Infos:

Detection

Score:51
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:48
Range:0 - 100

Signatures

Detected unpacking (changes PE section rights)
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Queries information about the installed CPU (vendor, model number etc)
PE file does not import any functions
Sample file is different than original file name gathered from version info
OS version to string mapping found (often used in BOTs)
Drops PE files
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Classification

Process Tree

  • System is w10x64
  • anydesk.exe (PID: 6632 cmdline: C:\Users\user\Desktop\anydesk.exe MD5: 30C9C57AA570088D745FAC7BFD05B805)
    • anydesk.exe (PID: 6696 cmdline: "C:\Users\user\Desktop\anydesk.exe" --local-service MD5: 30C9C57AA570088D745FAC7BFD05B805)
    • anydesk.exe (PID: 6704 cmdline: "C:\Users\user\Desktop\anydesk.exe" --local-control MD5: 30C9C57AA570088D745FAC7BFD05B805)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Compliance

barindex
Uses 32bit PE files
Source: anydesk.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Uses secure TLS version for HTTPS connections
Source: unknownHTTPS traffic detected: 185.229.191.44:443 -> 192.168.2.4:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.83.238.212:443 -> 192.168.2.4:49710 version: TLS 1.2
PE / OLE file has a valid certificate
Source: anydesk.exeStatic PE information: certificate valid
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: anydesk.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Binary contains paths to debug symbols
Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdbGCTL source: anydesk.exe, 00000001.00000002.743179436.000000006C11A000.00000002.00000001.01000000.0000000B.sdmp, anydesk.exe, 00000001.00000002.742898552.0000000005A63000.00000004.00000001.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.743086514.00000000064B0000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000003.227848542.00000000064A7000.00000004.00000001.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.742156505.0000000004707000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000003.227557502.00000000025D9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dda-64\privacy_feature\privacy_feature.pdb source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.739029352.0000000001D76000.00000004.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.739018674.0000000001D76000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb source: anydesk.exe, 00000000.00000000.204703767.0000000001E9F000.00000002.00000001.01000000.00000003.sdmp, anydesk.exe, 00000001.00000000.210931849.0000000001E9F000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm-32\win_dwm\win_dwm.pdb source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.739029352.0000000001D76000.00000004.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.739018674.0000000001D76000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm-64\win_dwm\win_dwm.pdb source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.739029352.0000000001D76000.00000004.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.739018674.0000000001D76000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dda-32\privacy_feature\privacy_feature.pdb source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.739029352.0000000001D76000.00000004.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.739018674.0000000001D76000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdb source: anydesk.exe, 00000001.00000002.743179436.000000006C11A000.00000002.00000001.01000000.0000000B.sdmp, anydesk.exe, 00000001.00000002.742898552.0000000005A63000.00000004.00000001.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.743086514.00000000064B0000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000003.227848542.00000000064A7000.00000004.00000001.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.742156505.0000000004707000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000003.227557502.00000000025D9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: SAS.pdbR source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.739029352.0000000001D76000.00000004.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.739018674.0000000001D76000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: SAS.pdb source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.739029352.0000000001D76000.00000004.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.739018674.0000000001D76000.00000004.00000001.01000000.00000003.sdmp
Source: Joe Sandbox ViewJA3 fingerprint: c91bde19008eefabce276152ccd51457
Source: Joe Sandbox ViewIP Address: 185.229.191.44 185.229.191.44
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: ad.share.fbook.href=https://www.facebook.com/sharer/sharer.php?u=https%3A//anydesk.com/ equals www.facebook.com (Facebook)
Source: anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=https%3A//anydesk.com/&title=Try%20AnyDesk%20Remote%20Desktop&summary=AnyDesk%20is%20a%20small%20and%20quick%20solution%20for%20screen%20sharing%20and%20remote%20collaboration.%20Get%20it%20here%3A%20https%3A//anydesk.com/&source= equals www.linkedin.com (Linkedin)
Source: anydesk.exe, 00000000.00000003.209636812.0000000003CDB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: hare.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=https%3A//anydesk.com/&title=Try%20AnyDesk%20Remote%20Desktop&summary=AnyDesk%20is%20a%20small%20and%20quick%20solution%20for%20screen%20sharing%20and%20remote%20collaboration.%20Get%20it%20here%3A%20https%3A//anydesk.com/&source=io equals www.linkedin.com (Linkedin)
Source: anydesk.exe, 00000000.00000003.210392750.0000000004821000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.ado/1
Source: anydesk.exe, 00000000.00000003.210392750.0000000004821000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.c/g
Source: anydesk.exe, 00000000.00000003.210392750.0000000004821000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.cobj
Source: anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://support.anydesk.com
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.opengl.org/registry/
Source: anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.openssl.org/)
Source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
Source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/support/faq.htmlEC_PRIVATEKEYpublicKeyparametersprivateKeyECPKPARAMETERSvalue
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com
Source: anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/
Source: anydesk.exe, 00000000.00000003.209581317.00000000044FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/0
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/company#imprint
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/contact/sales
Source: anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/contact/sales)
Source: anydesk.exe, 00000000.00000003.208794988.0000000003CCD000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000000.00000003.209227996.0000000003CFC000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000000.00000003.208727111.0000000003CC0000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000000.00000003.209053335.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000000.00000003.208890440.0000000003CED000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000000.00000003.209274379.0000000003D0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/l
Source: anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/order
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/pricing/teams
Source: anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/pricing/teams)
Source: anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/privacy
Source: anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/terms
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://anydesk.com/update
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://boot-01.net.anydesk.com
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://boot.net.anydesk.comabcdefABCDEFtruefalsetfInvalid
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://console-ui.myanydesk2.on.anydesk.com
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://datatracker.ietf.org/ipr/1524/
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://datatracker.ietf.org/ipr/1526/
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://datatracker.ietf.org/ipr/1914/
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://help.anydesk.com
Source: anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://help.anydesk.com/
Source: anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://help.anydesk.com/$
Source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://help.anydesk.com/HelpLinkInstallLocationAnyDesk
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://help.anydesk.com/access
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://help.anydesk.com/backup-alias
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://help.anydesk.com/it/abuse
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://help.anydesk.com/it/android
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://help.anydesk.com/it/android-battery
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://help.anydesk.com/lt/abuse
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://help.anydesk.com/lt/android
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://help.anydesk.com/lt/android-battery
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://help.anydesk.com/share
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://help.anydesk.com/wol
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://my.anydesk.com
Source: anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://my.anydesk.com/password-generator.
Source: anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://my.anydesk.com/v2
Source: anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://order.anydesk.com/trial
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://policies.google.com/privacy
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://policies.google.com/privacy?hl=$
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://policies.google.com/privacy?hl=it
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://support.anydesk.com/
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://support.anydesk.com/AnyDesk_on_macOS
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/account-migration
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/anydesk-account
Source: anydesk.exe, 00000000.00000003.209998344.0000000003CF1000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/anydesk-for-android-chromeos#troubleshooting
Source: anydesk.exe, 00000000.00000003.209998344.0000000003CF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/anydesk-for-android-chromeos#troubleshootingXCeP&
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/my-anydesk-ii#user-management
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://support.anydesk.com/knowledge/users
Source: anydesk.exe, 00000001.00000002.743179436.000000006C11A000.00000002.00000001.01000000.0000000B.sdmp, anydesk.exe, 00000001.00000003.227557502.00000000025D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/contact/chromeuninstall3?hl=$1microsoft-edge:openFailed
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://twitter.com/home?status=Do%20you%20know%20%23AnyDesk?%20AnyDesk%20is%20a%20small%20and%20qui
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.google.com/intl/$
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.google.com/intl/it/chrome/privacy/eula_text.html
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000000.00000003.209636812.0000000003CDB000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=https%3A//anydesk.com/&title=Try%20AnyDesk%20Rem
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.nayuki.io/page/qr-code-generator-library
Source: unknownHTTP traffic detected: POST /httpapi HTTP/1.1Host: api.playanext.comUser-Agent: AnyDesk/7.1.13Accept: */*Content-Length: 354Content-Type: application/x-www-form-urlencodedapi_key=c1426bd258099fa69f62933b466d4b77&event=[{"event_type":"check_offer","user_id":"f3eb68f5f8365c92894e1ed74e919d4a","session_id":1692753836373372,"ip":"$remote","event_properties":{"method_used":"Google Chrome Criteria Checker","offer_product":"Google Chrome","distributor":"AnyDesk","distributor_product":"AnyDesk","user_country":"United States"}}Data Raw: Data Ascii:
Source: unknownDNS traffic detected: queries for: boot.net.anydesk.com
Source: unknownHTTPS traffic detected: 185.229.191.44:443 -> 192.168.2.4:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.83.238.212:443 -> 192.168.2.4:49710 version: TLS 1.2
Source: anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DirectDrawCreateExmemstr_7dda2213-4
Source: anydesk.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: anydesk.exeStatic PE information: No import functions for PE file found
Source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesas.dllj% vs anydesk.exe
Source: anydesk.exe, 00000001.00000002.739029352.0000000001D76000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesas.dllj% vs anydesk.exe
Source: anydesk.exe, 00000002.00000002.739018674.0000000001D76000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesas.dllj% vs anydesk.exe
Source: C:\Users\user\Desktop\anydesk.exeFile read: C:\Users\user\Desktop\anydesk.exeJump to behavior
Source: anydesk.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\anydesk.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\anydesk.exe C:\Users\user\Desktop\anydesk.exe
Source: C:\Users\user\Desktop\anydesk.exeProcess created: C:\Users\user\Desktop\anydesk.exe "C:\Users\user\Desktop\anydesk.exe" --local-service
Source: C:\Users\user\Desktop\anydesk.exeProcess created: C:\Users\user\Desktop\anydesk.exe "C:\Users\user\Desktop\anydesk.exe" --local-control
Source: C:\Users\user\Desktop\anydesk.exeProcess created: C:\Users\user\Desktop\anydesk.exe "C:\Users\user\Desktop\anydesk.exe" --local-serviceJump to behavior
Source: C:\Users\user\Desktop\anydesk.exeProcess created: C:\Users\user\Desktop\anydesk.exe "C:\Users\user\Desktop\anydesk.exe" --local-controlJump to behavior
Source: C:\Users\user\Desktop\anydesk.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2155fee3-2419-4373-b102-6843707eb41f}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor
Source: C:\Users\user\Desktop\anydesk.exeFile created: C:\Users\user\AppData\Roaming\AnyDeskJump to behavior
Source: C:\Users\user\Desktop\anydesk.exeFile created: C:\Users\user\AppData\Local\Temp\gcapi.dllJump to behavior
Source: classification engineClassification label: mal51.evad.winEXE@5/8@5/5
Source: C:\Users\user\Desktop\anydesk.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\anydesk.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_6632_1976279180_0_mtx
Source: C:\Users\user\Desktop\anydesk.exeMutant created: \Sessions\1\BaseNamedObjects\Session\1\ad_connect_queue_6696_2005757042_mtx
Source: C:\Users\user\Desktop\anydesk.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_6704_2009775497_1_mtx
Source: C:\Users\user\Desktop\anydesk.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_7113_lsystem_mtx
Source: C:\Users\user\Desktop\anydesk.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_6632_1976279180_1_mtx
Source: C:\Users\user\Desktop\anydesk.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_6704_2009775497_0_mtx
Source: C:\Users\user\Desktop\anydesk.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ad_trace_mtx
Source: C:\Users\user\Desktop\anydesk.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\anydesk.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\anydesk.exeWindow found: window name: SysTabControl32Jump to behavior
Source: anydesk.exeStatic file information: File size 4040776 > 1048576
Source: anydesk.exeStatic PE information: certificate valid
Source: anydesk.exeStatic PE information: Raw size of .data is bigger than: 0x100000 < 0x3ce200
Source: anydesk.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: anydesk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdbGCTL source: anydesk.exe, 00000001.00000002.743179436.000000006C11A000.00000002.00000001.01000000.0000000B.sdmp, anydesk.exe, 00000001.00000002.742898552.0000000005A63000.00000004.00000001.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.743086514.00000000064B0000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000003.227848542.00000000064A7000.00000004.00000001.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.742156505.0000000004707000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000003.227557502.00000000025D9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dda-64\privacy_feature\privacy_feature.pdb source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.739029352.0000000001D76000.00000004.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.739018674.0000000001D76000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb source: anydesk.exe, 00000000.00000000.204703767.0000000001E9F000.00000002.00000001.01000000.00000003.sdmp, anydesk.exe, 00000001.00000000.210931849.0000000001E9F000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm-32\win_dwm\win_dwm.pdb source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.739029352.0000000001D76000.00000004.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.739018674.0000000001D76000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dwm-64\win_dwm\win_dwm.pdb source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.739029352.0000000001D76000.00000004.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.739018674.0000000001D76000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\dda-32\privacy_feature\privacy_feature.pdb source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.739029352.0000000001D76000.00000004.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.739018674.0000000001D76000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdb source: anydesk.exe, 00000001.00000002.743179436.000000006C11A000.00000002.00000001.01000000.0000000B.sdmp, anydesk.exe, 00000001.00000002.742898552.0000000005A63000.00000004.00000001.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.743086514.00000000064B0000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000003.227848542.00000000064A7000.00000004.00000001.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.742156505.0000000004707000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000003.227557502.00000000025D9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: SAS.pdbR source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.739029352.0000000001D76000.00000004.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.739018674.0000000001D76000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: SAS.pdb source: anydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.739029352.0000000001D76000.00000004.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.739018674.0000000001D76000.00000004.00000001.01000000.00000003.sdmp

Data Obfuscation

barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\anydesk.exeUnpacked PE file: 1.2.anydesk.exe.11f0000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\Desktop\anydesk.exeUnpacked PE file: 2.2.anydesk.exe.11f0000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\Desktop\anydesk.exeCode function: 1_3_046F2457 push ebp; retf 1_3_046F2458
Source: C:\Users\user\Desktop\anydesk.exeCode function: 1_3_046F2457 push ebp; retf 1_3_046F2458
Source: C:\Users\user\Desktop\anydesk.exeCode function: 1_3_046F2457 push ebp; retf 1_3_046F2458
Source: C:\Users\user\Desktop\anydesk.exeCode function: 1_3_046F2457 push ebp; retf 1_3_046F2458
Source: C:\Users\user\Desktop\anydesk.exeFile created: C:\Users\user\AppData\Local\Temp\gcapi.dllJump to dropped file
Source: C:\Users\user\Desktop\anydesk.exeFile created: C:\Users\user\Desktop\gcapi.dllJump to dropped file

Hooking and other Techniques for Hiding and Protection

barindex
Hides that the sample has been downloaded from the Internet (zone.identifier)
Source: C:\Users\user\Desktop\anydesk.exeFile opened: C:\Users\user\Desktop\anydesk.exe:Zone.Identifier read attributes | deleteJump to behavior
Source: C:\Users\user\Desktop\anydesk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Queries memory information (via WMI often done to detect virtual machines)
Source: C:\Users\user\Desktop\anydesk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_PhysicalMemory
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Source: C:\Users\user\Desktop\anydesk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_PhysicalMemory
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Users\user\Desktop\anydesk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\Desktop\anydesk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT MACAddress FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE
Source: C:\Users\user\Desktop\anydesk.exe TID: 6672Thread sleep time: -1844674407370954s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\anydesk.exe TID: 6676Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\anydesk.exe TID: 6692Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\anydesk.exe TID: 6672Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\anydesk.exe TID: 6748Thread sleep time: -1844674407370954s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\anydesk.exe TID: 6752Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\anydesk.exe TID: 6804Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\anydesk.exe TID: 6756Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\anydesk.exe TID: 6748Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor
Source: C:\Users\user\Desktop\anydesk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Desktop\anydesk.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: anydesk.exe, 00000001.00000002.741745063.000000000258B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\anydesk.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\anydesk.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\anydesk.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\anydesk.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Users\user\Desktop\anydesk.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: anydesk.exe, 00000001.00000002.739215294.0000000001E21000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: b44b97caebbcaac9745bd6b5822bd03ee298d6bfrelease/win_7.1.xcc0bc82657f3409854116e83c8d7018c
Source: anydesk.exe, 00000001.00000002.739215294.0000000001E21000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: release/win_7.1.x
Source: anydesk.exe, 00000001.00000000.210931849.0000000001E9F000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: .itext.text.customcc0bc82657f3409854116e83c8d7018crelease/win_7.1.xb44b97caebbcaac9745bd6b5822bd03ee298d6bf

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts421
Windows Management Instrumentation		Path Interception1
Process Injection		1
Masquerading		1
Input Capture		411
Security Software Discovery		Remote Services1
Input Capture		Exfiltration Over Other Network Medium2
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Disable or Modify Tools		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth2
Non-Application Layer Protocol		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)331
Virtualization/Sandbox Evasion		Security Account Manager331
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
Process Injection		NTDS1
Remote System Discovery		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
Hidden Files and Directories		LSA Secrets1
File and Directory Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common1
Obfuscated Files or Information		Cached Domain Credentials133
System Information Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items1
Software Packing		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
anydesk.exe0%ReversingLabs
anydesk.exe0%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\gcapi.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\gcapi.dll0%VirustotalBrowse
C:\Users\user\Desktop\gcapi.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
api.playanext.com0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://ns.adobe.c/g0%URL Reputationsafe
http://ns.adobe.cobj0%URL Reputationsafe
http://ns.ado/10%URL Reputationsafe
https://boot.net.anydesk.comabcdefABCDEFtruefalsetfInvalid0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
d1atxff5avezsq.cloudfront.net
18.66.26.98
truefalse
    		high
    boot.net.anydesk.com
    		185.229.191.44
    		truefalse
      		high
      relay-bf60063b.net.anydesk.com
      		51.83.238.212
      		truefalse
        		high
        api.playanext.com
        		unknown
        		unknownfalseunknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        http://api.playanext.comUser-Agent: AnyDesk/7.1.13Accept: */*Content-Length: 354Content-Type: application/x-www-form-urlencodedapi_key=c1426bd258099fa69f62933b466d4b77&event=[{"event_type":"check_offer","user_id":"f3eb68f5f8365c92894e1ed74e919d4a","session_id":1692753836373372,"ip":"$remote","event_properties":{"method_used":"Google Chrome Criteria Checker","offer_product":"Google Chrome","distributor":"AnyDesk","distributor_product":"AnyDesk","user_country":"United States"}}/httpapifalse
          		low

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          https://support.anydesk.com/knowledge/usersanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
            		high
            https://support.anydesk.com/anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
              		high
              https://order.anydesk.com/trialanydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                		high
                https://anydesk.com/updateanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                  		high
                  https://www.google.com/chrome/privacy/eula_text.htmlanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                    		high
                    https://www.google.com/intl/$anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                      		high
                      https://help.anydesk.com/lt/abuseanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                        		high
                        https://help.anydesk.com/lt/android-batteryanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                          		high
                          https://my.anydesk.comanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                            		high
                            http://ns.adobe.c/ganydesk.exe, 00000000.00000003.210392750.0000000004821000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://help.anydesk.com/it/abuseanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                              		high
                              https://help.anydesk.com/it/android-batteryanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                		high
                                https://twitter.com/home?status=Do%20you%20know%20%23AnyDesk?%20AnyDesk%20is%20a%20small%20and%20quianydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                  		high
                                  https://support.anydesk.com/knowledge/my-anydesk-ii#user-managementanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                    		high
                                    http://www.openssl.org/support/faq.htmlanydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://anydesk.com/anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                        		high
                                        https://anydesk.com/privacyanydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                          		high
                                          https://datatracker.ietf.org/ipr/1526/anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                            		high
                                            https://www.nayuki.io/page/qr-code-generator-libraryanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                              		high
                                              https://policies.google.com/privacy?hl=itanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                		high
                                                https://policies.google.com/privacy?hl=$anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                  		high
                                                  https://help.anydesk.comanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                    		high
                                                    https://support.anydesk.com/AnyDesk_on_macOSanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                      		high
                                                      https://anydesk.com/pricing/teamsanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                        		high
                                                        https://anydesk.com/0anydesk.exe, 00000000.00000003.209581317.00000000044FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://datatracker.ietf.org/ipr/1914/anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                            		high
                                                            https://anydesk.com/termsanydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                              		high
                                                              https://support.anydesk.com/knowledge/account-migrationanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                		high
                                                                https://www.google.com/intl/it/chrome/privacy/eula_text.htmlanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                  		high
                                                                  https://anydesk.com/orderanydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                    		high
                                                                    https://help.anydesk.com/backup-aliasanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                      		high
                                                                      https://anydesk.com/contact/salesanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                        		high
                                                                        https://help.anydesk.com/it/androidanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                          		high
                                                                          https://my.anydesk.com/password-generator.anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                            		high
                                                                            https://help.anydesk.com/anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                              		high
                                                                              https://anydesk.comanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                		high
                                                                                https://support.anydesk.com/knowledge/anydesk-for-android-chromeos#troubleshootinganydesk.exe, 00000000.00000003.209998344.0000000003CF1000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                  		high
                                                                                  http://ns.adobe.cobjanydesk.exe, 00000000.00000003.210392750.0000000004821000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://www.opengl.org/registry/anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                    		high
                                                                                    https://anydesk.com/contact/sales)anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                      		high
                                                                                      https://help.anydesk.com/lt/androidanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                        		high
                                                                                        https://help.anydesk.com/wolanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                          		high
                                                                                          https://help.anydesk.com/$anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                            		high
                                                                                            https://www.linkedin.com/shareArticle?mini=true&url=https%3A//anydesk.com/&title=Try%20AnyDesk%20Remanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000000.00000003.209636812.0000000003CDB000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                              		high
                                                                                              https://console-ui.myanydesk2.on.anydesk.comanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                		high
                                                                                                http://support.anydesk.comanydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                  		high
                                                                                                  https://anydesk.com/lanydesk.exe, 00000000.00000003.208794988.0000000003CCD000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000000.00000003.209227996.0000000003CFC000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000000.00000003.208727111.0000000003CC0000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000000.00000003.209053335.0000000003CEE000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000000.00000003.208890440.0000000003CED000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000000.00000003.209274379.0000000003D0B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://support.google.com/chrome/contact/chromeuninstall3?hl=$1microsoft-edge:openFailedanydesk.exe, 00000001.00000002.743179436.000000006C11A000.00000002.00000001.01000000.0000000B.sdmp, anydesk.exe, 00000001.00000003.227557502.00000000025D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://help.anydesk.com/HelpLinkInstallLocationAnyDeskanydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                        		high
                                                                                                        https://boot-01.net.anydesk.comanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                          		high
                                                                                                          https://support.anydesk.com/knowledge/anydesk-for-android-chromeos#troubleshootingXCeP&anydesk.exe, 00000000.00000003.209998344.0000000003CF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://datatracker.ietf.org/ipr/1524/anydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                              		high
                                                                                                              https://my.anydesk.com/v2anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                		high
                                                                                                                https://policies.google.com/privacyanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://anydesk.com/company#imprintanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://www.openssl.org/)anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://anydesk.com/pricing/teams)anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://help.anydesk.com/accessanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://www.openssl.org/support/faq.htmlEC_PRIVATEKEYpublicKeyparametersprivateKeyECPKPARAMETERSvalueanydesk.exe, 00000000.00000003.206405730.0000000002C8A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://help.anydesk.com/shareanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://ns.ado/1anydesk.exe, 00000000.00000003.210392750.0000000004821000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              https://boot.net.anydesk.comabcdefABCDEFtruefalsetfInvalidanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmp, anydesk.exe, 00000002.00000002.738229674.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              		unknown
                                                                                                                              https://support.anydesk.com/knowledge/anydesk-accountanydesk.exe, 00000000.00000003.206405730.000000000228A000.00000004.00000020.00020000.00000000.sdmp, anydesk.exe, 00000001.00000002.738243482.000000000186E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                		high

                                                                                                                                World Map of Contacted IPs

                                                                                                                                • No. of IPs < 25%
                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                • 75% < No. of IPs

                                                                                                                                Public IPs

                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                51.83.238.212
                                                                                                                                		relay-bf60063b.net.anydesk.comFrance
                                                                                                                                		16276OVHFRfalse
                                                                                                                                185.229.191.44
                                                                                                                                		boot.net.anydesk.comCzech Republic
                                                                                                                                		60068CDN77GBfalse
                                                                                                                                92.223.88.41
                                                                                                                                		unknownAustria
                                                                                                                                		199524GCOREATfalse
                                                                                                                                18.66.26.35
                                                                                                                                		unknownUnited States
                                                                                                                                		3MIT-GATEWAYSUSfalse

                                                                                                                                Private

                                                                                                                                IP
                                                                                                                                192.168.2.1

                                                                                                                                General Information

                                                                                                                                Joe Sandbox Version:38.0.0 Beryl
                                                                                                                                Analysis ID:1295586
                                                                                                                                Start date and time:2023-08-23 03:22:54 +02:00
                                                                                                                                Joe Sandbox Product:CloudBasic
                                                                                                                                Overall analysis duration:0h 12m 56s
                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                Report type:full
                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                Number of analysed new started processes analysed:28
                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                Number of existing processes analysed:0
                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                Number of injected processes analysed:0
                                                                                                                                Technologies:
                                                                                                                                • HCA enabled
                                                                                                                                • EGA enabled
                                                                                                                                • HDC enabled
                                                                                                                                • AMSI enabled
                                                                                                                                Analysis Mode:default
                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                Sample file name:anydesk.exe
                                                                                                                                Detection:MAL
                                                                                                                                Classification:mal51.evad.winEXE@5/8@5/5
                                                                                                                                EGA Information:Failed
                                                                                                                                HDC Information:Failed
                                                                                                                                HCA Information:
                                                                                                                                • Successful, ratio: 100%
                                                                                                                                • Number of executed functions: 0
                                                                                                                                • Number of non-executed functions: 0
                                                                                                                                Cookbook Comments:
                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                • Override analysis time to 240s for rundll32

                                                                                                                                Warnings

                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                                • Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, kv601.prod.do.dsp.mp.microsoft.com, geover.prod.do.dsp.mp.microsoft.com, fs.microsoft.com, geo.prod.do.dsp.mp.microsoft.com, eudb.ris.api.iris.microsoft.com, displaycatalog.mp.microsoft.com, arc.msn.com
                                                                                                                                • Execution Graph export aborted for target anydesk.exe, PID 6696 because there are no executed function
                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                Simulations

                                                                                                                                Behavior and APIs

                                                                                                                                TimeTypeDescription
                                                                                                                                03:23:54API Interceptor1x Sleep call for process: anydesk.exe modified

                                                                                                                                Joe Sandbox View / Context

                                                                                                                                IPs

                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                185.229.191.44AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                  AnyDesk-CM.msiGet hashmaliciousUnknownBrowse
                                                                                                                                    AnyDesk (2).exeGet hashmaliciousUnknownBrowse
                                                                                                                                      AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                        https://anydesk.com/en/downloads/windows?dv=win_exeGet hashmaliciousUnknownBrowse
                                                                                                                                          AnyDesk(1).msiGet hashmaliciousUnknownBrowse
                                                                                                                                            AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              Microsoft.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                http://anydesk.comGet hashmaliciousUnknownBrowse
                                                                                                                                                  https://ms94.yolasite.com/Get hashmaliciousUnknownBrowse

                                                                                                                                                    Domains

                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                    d1atxff5avezsq.cloudfront.netAnyDesk (2).exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 18.66.218.75
                                                                                                                                                    92f25a21-b9c1-4aee-af3e-cacf098605e9Get hashmaliciousUnknownBrowse
                                                                                                                                                    • 18.66.97.18
                                                                                                                                                    https://download.filezilla-project.org/client/FileZilla_3.63.2.1_win64_sponsored2-setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 18.66.97.82
                                                                                                                                                    IxwmWTyePr.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 13.224.103.61
                                                                                                                                                    AnyDesk261022.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 18.66.97.76
                                                                                                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 18.66.192.103
                                                                                                                                                    Microsoft.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 13.224.103.47
                                                                                                                                                    SuspectFile.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 18.66.97.18
                                                                                                                                                    DA362DFF8B39C6B4B92387F48F5BEB91CE55DBDF8BFE6.exeGet hashmaliciousAsyncRAT, RedLineBrowse
                                                                                                                                                    • 13.226.158.101
                                                                                                                                                    AnyDesk (3).exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 108.156.46.84
                                                                                                                                                    handelsbankensupport.com-AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 13.224.96.25
                                                                                                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 52.85.14.29
                                                                                                                                                    AnyDesk_ETS_WIN.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 13.224.196.114
                                                                                                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 13.32.14.27
                                                                                                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 143.204.98.106
                                                                                                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 143.204.98.24
                                                                                                                                                    nqG4It8G4V.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 143.204.202.109
                                                                                                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 13.32.25.101

                                                                                                                                                    ASNs

                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                    OVHFRK67N7nJpIi.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                    • 139.99.118.5
                                                                                                                                                    https://www.linkedin.com/slink?code=eqX4gZJd#dG9tLm1jY2Fycm9uQHJhdmVpcy5jb20=Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                    • 51.68.200.63
                                                                                                                                                    ORDER_QUOTATION_LIST.pdf.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                    • 54.37.0.50
                                                                                                                                                    https://www.linkedin.com/slink?code=eqX4gZJd#bWFyaWUtcGllci5jYXJkaW5AbWV0YWx1cy5xYy5jYQ==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                    • 51.68.200.63
                                                                                                                                                    https://fotorussia.su/pl/delete-pl/jak-trwale-usun-wiadomoci-e-mail-z-programu-outlook/Get hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.89.9.252
                                                                                                                                                    http://amscottfinancial.comGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 192.99.158.241
                                                                                                                                                    PAYMENT_TT_COPY_SWIFT.pdf.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                    • 54.37.0.50
                                                                                                                                                    INVOICE-4500986-GMARK.docGet hashmaliciousFormBookBrowse
                                                                                                                                                    • 51.79.96.115
                                                                                                                                                    ORDER.docGet hashmaliciousFormBookBrowse
                                                                                                                                                    • 91.121.217.27
                                                                                                                                                    Lc3269IMw7.msiGet hashmaliciousAmadey, LummaC StealerBrowse
                                                                                                                                                    • 146.59.70.14
                                                                                                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                    • 149.202.0.242
                                                                                                                                                    https://96ly92l8.r.eu-central-1.awstrack.me/L0/https:%2F%2Fwww.linkedin.com%2Fslink%3Fcode=g7CkmCM6%26url=facebook.com%26sa=D%26sntz=1%26usg=AOvVaw1RrkcTDMPWdBqZe9a9yMn_%23Y2hlbHNlYS5oZWxta2FtcEB2YWlsaGVhbHRoLm9yZw==/1/0107018a19c0d769-c5a70b81-4661-4324-8464-db8612b66864-000000/i_pjFblNYhWqTSkIWwePHJMoWMQ=116Get hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.38.169.113
                                                                                                                                                    BWJ3Dpilxzevuv4T.dllGet hashmaliciousEmotetBrowse
                                                                                                                                                    • 91.121.146.47
                                                                                                                                                    BWJ3Dpilxzevuv4T.dllGet hashmaliciousEmotetBrowse
                                                                                                                                                    • 91.121.146.47
                                                                                                                                                    Setup.exeGet hashmaliciousAmadey, LummaC StealerBrowse
                                                                                                                                                    • 146.59.70.14
                                                                                                                                                    https://96ly92l8.r.eu-central-1.awstrack.me/L0/https:%2F%2Fwww.linkedin.com%2Fslink%3Fcode=gUnTJx-n%26url=facebook.com%26sa=D%26sntz=1%26usg=AOvVaw1RrkcTDMPWdBqZe9a9yMn_%23YW15LmFiZXJuYXRoeUBhYXJjb3JwLmNvbQ==/1/0107018a195cc3a7-3e97fab2-25d7-455a-9481-273ee653f608-000000/_nmLiX1ckveGX2p108PB9qlTsNs=116Get hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.210.207.91
                                                                                                                                                    https://tunisiamode.com/magento_recaptcha.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 188.165.196.148
                                                                                                                                                    https://96ly92l8.r.eu-central-1.awstrack.me/L0/https:%2F%2Fwww.linkedin.com%2Fslink%3Fcode=g7CkmCM6%26url=facebook.com%26sa=D%26sntz=1%26usg=AOvVaw1RrkcTDMPWdBqZe9a9yMn_%23Ym9iLnN0YWNleUBhYXJjb3JwLmNvbQ==/1/0107018a19465984-6dafa027-bdfa-4369-bd0e-6d217db029b3-000000/3ziaDiGjgyTJemqbs01RXvBuQX8=116Get hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.38.169.113
                                                                                                                                                    https://dcmetro.rvidence.comGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 192.99.158.241
                                                                                                                                                    125635748.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.77.42.240

                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                    c91bde19008eefabce276152ccd51457AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.83.238.212
                                                                                                                                                    • 185.229.191.44
                                                                                                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.83.238.212
                                                                                                                                                    • 185.229.191.44
                                                                                                                                                    https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.83.238.212
                                                                                                                                                    • 185.229.191.44
                                                                                                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.83.238.212
                                                                                                                                                    • 185.229.191.44
                                                                                                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.83.238.212
                                                                                                                                                    • 185.229.191.44
                                                                                                                                                    AnyDesk (2).exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.83.238.212
                                                                                                                                                    • 185.229.191.44
                                                                                                                                                    AnyDesk (2).exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.83.238.212
                                                                                                                                                    • 185.229.191.44
                                                                                                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.83.238.212
                                                                                                                                                    • 185.229.191.44
                                                                                                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.83.238.212
                                                                                                                                                    • 185.229.191.44
                                                                                                                                                    92f25a21-b9c1-4aee-af3e-cacf098605e9Get hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.83.238.212
                                                                                                                                                    • 185.229.191.44
                                                                                                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.83.238.212
                                                                                                                                                    • 185.229.191.44
                                                                                                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.83.238.212
                                                                                                                                                    • 185.229.191.44
                                                                                                                                                    AnyDesk(1).msiGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 51.83.238.212
                                                                                                                                                    • 185.229.191.44

                                                                                                                                                    Dropped Files

                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                    C:\Users\user\AppData\Local\Temp\gcapi.dllAnyDesk (2).exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      92f25a21-b9c1-4aee-af3e-cacf098605e9Get hashmaliciousUnknownBrowse
                                                                                                                                                        Modulo.msiGet hashmaliciousDanaBotBrowse
                                                                                                                                                          AnyDesk261022.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                              comprovante.msiGet hashmaliciousDanaBotBrowse
                                                                                                                                                                Regularize.msiGet hashmaliciousDanaBotBrowse
                                                                                                                                                                  presidentes.msiGet hashmaliciousDanaBotBrowse
                                                                                                                                                                    NotaFiscal.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                      Microsoft.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                        SuspectFile.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                          AnyDesk (5).exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            AnyDesk (3).exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              handelsbankensupport.com-AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  AnyDesk_ETS_WIN.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    YfbB61z87a.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                      AnyDesk.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                                        Created / dropped Files

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\gcapi.dll

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):394240
                                                                                                                                                                                        Entropy (8bit):6.700175464943679
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:6144:Tv/ioKdMF+LZD/ZRj1vwWrrUFMNoz4pFGxjEB1NYAOrabN2GZvFcD7:Td+LZrNwWrrwMNoz4vG1OYZabtK7
                                                                                                                                                                                        MD5:1CE7D5A1566C8C449D0F6772A8C27900
                                                                                                                                                                                        SHA1:60854185F6338E1BFC7497FD41AA44C5C00D8F85
                                                                                                                                                                                        SHA-256:73170761D6776C0DEBACFBBC61B6988CB8270A20174BF5C049768A264BB8FFAF
                                                                                                                                                                                        SHA-512:7E3411BE8614170AE91DB1626C452997DC6DB663D79130872A124AF982EE1D457CEFBA00ABD7F5269ADCE3052403BE31238AECC3934C7379D224CB792D519753
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                        • Filename: AnyDesk (2).exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: 92f25a21-b9c1-4aee-af3e-cacf098605e9, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: Modulo.msi, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: AnyDesk261022.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: comprovante.msi, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: Regularize.msi, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: presidentes.msi, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: NotaFiscal.msi, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: Microsoft.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: SuspectFile.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: AnyDesk (5).exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: AnyDesk (3).exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: handelsbankensupport.com-AnyDesk.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: AnyDesk_ETS_WIN.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: YfbB61z87a.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                        Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$........q.hB..;B..;B..;.I.:@..;...;W..;...;...;...;b..;.#;@..;!M.:U..;!M.:c..;!M.:u..;...;@..;,M.:...;...;Y..;B..;~..;,M.:e..;,M.:C..;,M.;C..;B.s;C..;,M.:C..;RichB..;........................PE..L......W.........."!................:.....................................................@.........................p................0.......................@..h2......8...........................p...@.......................@....................text...y........................... ..`.rdata...-..........................@..@.data...H5..........................@....gfids..(...........................@..@.tls......... ......................@....rsrc........0......................@..@.reloc..h2...@...4..................@..B................................................................................................................................................................

                                                                                                                                                                                        C:\Users\user\AppData\Roaming\AnyDesk\ad.trace

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                        Category:modified
                                                                                                                                                                                        Size (bytes):66030
                                                                                                                                                                                        Entropy (8bit):4.232902601755067
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:384:Ux2oZxr+WMdNOUaWpoL4BbwmE90m2AMaWReRLbw3Sm3dt2kv81fpdMAcu2qELt:U/ZxEDm0iFufpk1fpdMAcu2qo
                                                                                                                                                                                        MD5:4155364D282D48E68C885D5998AD33A1
                                                                                                                                                                                        SHA1:D815AE8D9A0AA485071BCE61DB579AAB7491A40B
                                                                                                                                                                                        SHA-256:1FDFD527AC530B2AC92DDA660FBDB649F86E60F1A2C11DBA899F6C8F66CE1255
                                                                                                                                                                                        SHA-512:E5A90931BFEE04B7AABD6119FDE93F643F07A26D0F83A55D392E06B4594AF1EBC3A9ADF58493AB54105CC45C7399D556DD00C79DC80D539CF4157C773B9A0373
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview: * * * * * * * * * * * * * * * * * *.. info 2023-08-23 01:23:47.307 front 6632 6636 main - * AnyDesk Windows Startup *.. info 2023-08-23 01:23:47.307 front 6632 6636 main - * Version 7.1.13 (release/win_7.1.x b44b97caebbcaac9745bd6b5822bd03ee298d6bf).. info 2023-08-23 01:23:47.307 front 6632 6636 main - * Checksum cc0bc82657f3409854116e83c8d7018c.. info 2023-08-23 01:23:47.307 front 6632 6636 main - * Build 20230627141804.. info 2023-08-23 01:23:47.307 front 6632 6636 main - * Copyright (C) 2023 AnyDesk Software GmbH *.. info 2023-08-23 01:23:47.323 front 6632 6636 main - .. info 2023-08-23 01:23:47.323 front 6632 6636 main - Command Line params: "C:\Users\user\Desktop\anydesk.exe".

                                                                                                                                                                                        C:\Users\user\AppData\Roaming\AnyDesk\service.conf

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        File Type:ASCII text, with very long lines (1747)
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):2966
                                                                                                                                                                                        Entropy (8bit):6.037656385496609
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:48:uISTEF/i9Z6dHIkHPp836zHOmjs0Jk/DeqTPJKcHB/HGFJXsxqOzrMIgvGtYg:uISTENi9ZsI+P86umAakqqzh07YyGtYg
                                                                                                                                                                                        MD5:3B90A4ED357C6F558B50138CF0BAC3DB
                                                                                                                                                                                        SHA1:484F6A0C287B4C417E944DB5D06292908B29C3B1
                                                                                                                                                                                        SHA-256:FF9B74E462FF384444569E0C6A426F7988E27682D9633190D40BA079B4C61950
                                                                                                                                                                                        SHA-512:FE117C39C46D4239C0686BEA42DBD880CECFBE997F657BF3BD152180C16A839ED5B411DF2ACAA024981A86700BDE1C5088E41F703B05EF219FDA702C069B1057
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:ad.anynet.cert=-----BEGIN CERTIFICATE-----\nMIICqDCCAZACAQEwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAwwOQW55RGVzayBD\nbGllbnQwIBcNMjMwODIzMDEyMzUzWhgPMjA3MzA4MTAwMTIzNTNaMBkxFzAVBgNV\nBAMMDkFueURlc2sgQ2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEA7tUstqptUe6pOKYE8XNfaG1AQA4mTCr+AabLAgx50M9nxiT3WvqPfP/Ca8Kk\nottrj1Lp2Bwyv8BQU74acgp7j3PaGHHbwiXJO66xWNUPN1udQkca+HLQ6slUId4U\nglh99R2/tx/KRU3q9kaaBp0mqYixYCoOhIRX30viGh1R3yrRj1ox2rKeB13McUKD\nmRZzbFqAJHMspPVyan37f675fKePDYLK2laFEEdwHC6ZKoFeTEv8Nn/Y15wJgqcr\nHJ0JJbrZHpuZLcyauMtGJQL7VJRx8tZAw2GrP7NeTuJc6tp9S6wsv26BDmltxcvr\nZaIbVjOfIbQeiOhFfNiIRPsYoQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCxJ4S7\n8lXTg5vb3+X4qAn+bvZn/6k+jyN+Wgn97Zfo8IdbSiSGvI41xL9NSDB9TP4/XaeI\n5UHBhfMIYKuh3w9/9Rat5FQuMI3aDzqesXuBegzt6shW27G9tDlt6+9CQXR9qJf1\nF0q0nLKOawcvY9BYCQaHG8e8UyG161EUaQGZYVUbo8T+mN7UMnLzx6iMEgVpZrfC\nwxt386tN81kw8eA9Zd2ZsCw9ZOIjKsXy80Ws+BUP+SoZTP614A+szb4UlQOAZj9k\n8l9hdHIbkU48n2hRoxeN5LfFqxVQ7fD5WzokqjmYx2NTqThnZ9jSoU20ssYkpGg9\nJsXoIImU9+6lpnFp\n-----END CERTI

                                                                                                                                                                                        C:\Users\user\AppData\Roaming\AnyDesk\system.conf

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):849
                                                                                                                                                                                        Entropy (8bit):4.9067235086432675
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12:oizQCJwYL+HndTPmGolAIVm5sEajiBs7UHS7lNqQHvWhQ44LroBGgFBG9tD9wv:aYWndTPmGolV9iBs4y5sAw34LtB93a
                                                                                                                                                                                        MD5:B1755579722D14E2A0CC9999DA14DE26
                                                                                                                                                                                        SHA1:193877649ABA311C2668EC97325BC20BC4BC105D
                                                                                                                                                                                        SHA-256:0321B841F830E8E0EA12357FA38BF977382021F57ECF43069A5344933D7CC35F
                                                                                                                                                                                        SHA-512:4C0941D5604766A206E4C2AFF071027B2814B83E4E9F50DC9CBA5A53B38E85AE2BFF1683949AC05B820C48BFD66537A70BC25B103C2C7903D0CF32EF1340CD22
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:ad.ancl.cached_config=ABYAAAABAAAAAAAAAAAAAAAA.ad.anynet.alias=.ad.anynet.client_stats_hash=0625a78a210f43023319d95c4c537c947893be7b.ad.anynet.cur_version=30064836621.ad.anynet.fpr=e2ddde110d45d20871ba4cdbd349a67296663e61.ad.anynet.id=1568490193.ad.anynet.last_relay=relay-bf60063b.net.anydesk.com:80:443:6568.ad.anynet.network_hash=38a36b7048e510cf09b728d340caba0d6446f93f.ad.anynet.network_id=main.ad.anynet.relay.fatal_result=1.0.ad.anynet.relay.state=2.ad.license.name=free-1.ad.security.frontend_clipboard=1.ad.security.frontend_clipboard_files=1.ad.security.frontend_clipboard_version=1.ad.security.permission_profiles._default.permissions.sas=1.ad.security.permission_profiles._unattended_access.permissions.sas=1.ad.security.permission_profiles.version=1.ad.security.update_version=1.ad.wol.mac_hash=4057f64e26da6c07d2db6159ea0d369ec0271277.

                                                                                                                                                                                        C:\Users\user\AppData\Roaming\AnyDesk\user.conf

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        File Type:ASCII text, with very long lines (3197)
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):7016
                                                                                                                                                                                        Entropy (8bit):4.409738395581171
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:96:PMBDyCSZokspMxnFcynR1PexVhVSoXeTppIG7C2/T7A5aYiTkBaDtjMF:+DyTs0P1WY/CW7A4YiLDtjMF
                                                                                                                                                                                        MD5:33D242DE1417609004F9A873EEFB4E18
                                                                                                                                                                                        SHA1:6C62A27E5FA1BC37809C2B4301DD9CB5F79353BB
                                                                                                                                                                                        SHA-256:2E6E6D0F22F44D5FBDDE021105F7A6C5FF6141E524B867E0E5E165B9B022AA58
                                                                                                                                                                                        SHA-512:72C822C2F198AD21052DDC1A1F4AF1D2F08E651B379BA9942A6241F7F09800255EDC5CB59E37E8E70261D15E267058F7F3B6816BB23628F5FFE7066AB362FD81
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:ad.account.auth_methods=6fa74c609a01f31f1f670668df954f4642a4aae8018a18da8e2dd1a4be18e5f1ad1f52d5f59196fa0ff648310f1fa2df0b53d2e90e4e008262013ecaea923c449f971ae32bd921dc4e1add5e548d676ca5315b01c50e3150c6f014ce7025c27374ab0862b47b212f41cf5778b89cf0207f40c4f5af61491e8c39fedf8843c3c46d548497b268c05c7af0632c17195470f0d9c0bbf567ba8b0f0108bfd6a1fd50d5ab806804e9b3f2d917740773e2db1ae76a9fe91b349eee0529e3ff3b4eefe7a9a9542ab41bc3c3b3f8e8bdeb159dc631cd744596fb9d893a7660451677f5e43ba04a9af191.ad.account.info=6fa74c609a01f31f1f670668df954f4642a4aae8018a18da8e2dd1a4be18e5f1ad1f52d5f59196fa0ff648310f1fa2df0b53d2e90e4e008262013ecaea92dcd0d668b62c9827ad3f4bc4e1c724d6ebcdb7fa8da41e7f53aba26c44de85b4c27374ab0862b47b212f41cf5778b89c8516e9e54211dc8833c07ef4e96803d0c83cbc3f60e34edf41262f945c13becc6470f0d93f17fefb60e25c74254ab0cdd415ddfa857fd3ea229742bfe7d932fffedb10b611cc97f00817fb3fdcf9691066c9deb20581748fb5737629ee043547bd816b973c98514fb9f6326692c7840b38aa47144c7e6a16f6217a13668c54b1992f5fdea9c80baf.ad.acc

                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms (copy)

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):3202
                                                                                                                                                                                        Entropy (8bit):3.239111870278425
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:EheFnlEUADcdmISOJUYWoymBheFnlEUADckn8SOJPjDymU:EhKl6od1SGUNoyohKl6oS8SGvyH
                                                                                                                                                                                        MD5:03C4909D3857E7623EB8C07C6AC7A3DC
                                                                                                                                                                                        SHA1:9625B491480CF3D00B08F58793449B176C511EEB
                                                                                                                                                                                        SHA-256:4D37E4EAB51EEDB5360456E188FFE4220E402F5F7E3976147E1E00DE10F51106
                                                                                                                                                                                        SHA-512:4FCD37DB47B5DDC6664112F9F51A6FD38F22897BDD5A09E5B19894A2140A670E45F9C658F61BBFCAD7AC10E75CC8187AA0674DA940F02887D38FA35F43DC83CC
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:...................................FL..................F.@.. .......2...Mj.v`.....Au`...H.=..........................P.O. .:i.....+00.:...:..,.LB.)...A&...&...........-..%Jm.2....Y.w`.....b.2.H.=..W.. .anydesk.exe.H.......WqH.W......l.....................?z..a.n.y.d.e.s.k...e.x.e.......Q...............-.......P..............D.....C:\Users\user\Desktop\anydesk.exe....O.p.e.n. .a. .n.e.w. .A.n.y.D.e.s.k. .w.i.n.d.o.w...".C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.D.e.s.k.t.o.p.\.a.n.y.d.e.s.k...e.x.e.........%USERPROFILE%\Desktop\anydesk.exe...................................................................................................................................................................................................................................%.U.S.E.R.P.R.O.F.I.L.E.%.\.D.e.s.k.t.o.p.\.a.n.y.d.e.s.k...e.x.e..........................................................................................................................................................................

                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\S9FXMM4VZ87JDAQKJ92U.temp

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):3202
                                                                                                                                                                                        Entropy (8bit):3.239111870278425
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:EheFnlEUADcdmISOJUYWoymBheFnlEUADckn8SOJPjDymU:EhKl6od1SGUNoyohKl6oS8SGvyH
                                                                                                                                                                                        MD5:03C4909D3857E7623EB8C07C6AC7A3DC
                                                                                                                                                                                        SHA1:9625B491480CF3D00B08F58793449B176C511EEB
                                                                                                                                                                                        SHA-256:4D37E4EAB51EEDB5360456E188FFE4220E402F5F7E3976147E1E00DE10F51106
                                                                                                                                                                                        SHA-512:4FCD37DB47B5DDC6664112F9F51A6FD38F22897BDD5A09E5B19894A2140A670E45F9C658F61BBFCAD7AC10E75CC8187AA0674DA940F02887D38FA35F43DC83CC
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:...................................FL..................F.@.. .......2...Mj.v`.....Au`...H.=..........................P.O. .:i.....+00.:...:..,.LB.)...A&...&...........-..%Jm.2....Y.w`.....b.2.H.=..W.. .anydesk.exe.H.......WqH.W......l.....................?z..a.n.y.d.e.s.k...e.x.e.......Q...............-.......P..............D.....C:\Users\user\Desktop\anydesk.exe....O.p.e.n. .a. .n.e.w. .A.n.y.D.e.s.k. .w.i.n.d.o.w...".C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.D.e.s.k.t.o.p.\.a.n.y.d.e.s.k...e.x.e.........%USERPROFILE%\Desktop\anydesk.exe...................................................................................................................................................................................................................................%.U.S.E.R.P.R.O.F.I.L.E.%.\.D.e.s.k.t.o.p.\.a.n.y.d.e.s.k...e.x.e..........................................................................................................................................................................

                                                                                                                                                                                        C:\Users\user\Desktop\gcapi.dll

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:modified
                                                                                                                                                                                        Size (bytes):394240
                                                                                                                                                                                        Entropy (8bit):6.700175464943679
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:6144:Tv/ioKdMF+LZD/ZRj1vwWrrUFMNoz4pFGxjEB1NYAOrabN2GZvFcD7:Td+LZrNwWrrwMNoz4vG1OYZabtK7
                                                                                                                                                                                        MD5:1CE7D5A1566C8C449D0F6772A8C27900
                                                                                                                                                                                        SHA1:60854185F6338E1BFC7497FD41AA44C5C00D8F85
                                                                                                                                                                                        SHA-256:73170761D6776C0DEBACFBBC61B6988CB8270A20174BF5C049768A264BB8FFAF
                                                                                                                                                                                        SHA-512:7E3411BE8614170AE91DB1626C452997DC6DB663D79130872A124AF982EE1D457CEFBA00ABD7F5269ADCE3052403BE31238AECC3934C7379D224CB792D519753
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$........q.hB..;B..;B..;.I.:@..;...;W..;...;...;...;b..;.#;@..;!M.:U..;!M.:c..;!M.:u..;...;@..;,M.:...;...;Y..;B..;~..;,M.:e..;,M.:C..;,M.;C..;B.s;C..;,M.:C..;RichB..;........................PE..L......W.........."!................:.....................................................@.........................p................0.......................@..h2......8...........................p...@.......................@....................text...y........................... ..`.rdata...-..........................@..@.data...H5..........................@....gfids..(...........................@..@.tls......... ......................@....rsrc........0......................@..@.reloc..h2...@...4..................@..B................................................................................................................................................................

                                                                                                                                                                                        Static File Info

                                                                                                                                                                                        General

                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Entropy (8bit):7.9991565509956315
                                                                                                                                                                                        TrID:
                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                        File name:anydesk.exe
                                                                                                                                                                                        File size:4'040'776 bytes
                                                                                                                                                                                        MD5:30c9c57aa570088d745fac7bfd05b805
                                                                                                                                                                                        SHA1:d579d18848859614e219afa6332d410e0ca71fc3
                                                                                                                                                                                        SHA256:8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383
                                                                                                                                                                                        SHA512:182dc736cf09e8b4e063b29c839999ab28506a71e22173484f9dbc9bf9472456406aa0c8de542d85436200317175f9e32d65f1bb1e567b8c717860348fd3b52c
                                                                                                                                                                                        SSDEEP:98304:oOmZb0bHkeaRs4WpcF8uztWOiiROB4/Oo1sRF:rmZb0bEds4XFR0OiC/GT
                                                                                                                                                                                        TLSH:2A1633506BF882E1D1371AB4AE5FE2143F598CFE15F602699C2BA554CDF7C106CC3AA8
                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........h.}.;.}.;.}.;..";.}.;..#;.}.;...;.}.;...;.}.;Rich.}.;........................PE..L......d.........."......*...8=............

                                                                                                                                                                                        File Icon

                                                                                                                                                                                        Icon Hash:499669d8d82916a8

                                                                                                                                                                                        Static PE Info

                                                                                                                                                                                        General

                                                                                                                                                                                        Entrypoint:0x401ce9
                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                        Time Stamp:0x649AD37F [Tue Jun 27 12:18:07 2023 UTC]
                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                        OS Version Minor:1
                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                        File Version Minor:1
                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                        Subsystem Version Minor:1
                                                                                                                                                                                        Import Hash:

                                                                                                                                                                                        Authenticode Signature

                                                                                                                                                                                        Signature Valid:true
                                                                                                                                                                                        Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                        Signature Validation Error:The operation completed successfully
                                                                                                                                                                                        Error Number:0
                                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                                        • 12/13/2021 1:00:00 AM 1/9/2025 12:59:59 AM
                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                        • CN=philandro Software GmbH, O=philandro Software GmbH, L=Stuttgart, S=Baden-W\xfcrttemberg, C=DE
                                                                                                                                                                                        Version:3
                                                                                                                                                                                        Thumbprint MD5:EAE713DFC05244CF4301BF1C9F68B1BE
                                                                                                                                                                                        Thumbprint SHA-1:9CD1DDB78ED05282353B20CDFE8FA0A4FB6C1ECE
                                                                                                                                                                                        Thumbprint SHA-256:9D7620A4CEBA92370E8828B3CB1007AEFF63AB36A2CBE5F044FDDE14ABAB1EBF
                                                                                                                                                                                        Serial:0DBF152DEAF0B981A8A938D53F769DB8

                                                                                                                                                                                        Entrypoint Preview

                                                                                                                                                                                        Instruction
                                                                                                                                                                                        push ebp
                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                        sub esp, 64h
                                                                                                                                                                                        push esi
                                                                                                                                                                                        lea ecx, dword ptr [ebp-64h]
                                                                                                                                                                                        call 00007F9880D17E53h
                                                                                                                                                                                        lea eax, dword ptr [ebp-64h]
                                                                                                                                                                                        mov ecx, eax
                                                                                                                                                                                        mov dword ptr [0147E0E8h], eax
                                                                                                                                                                                        call 00007F9880D17D11h
                                                                                                                                                                                        test al, al
                                                                                                                                                                                        jne 00007F9880D18474h
                                                                                                                                                                                        mov esi, 000003E8h
                                                                                                                                                                                        lea ecx, dword ptr [ebp-64h]
                                                                                                                                                                                        call 00007F9880D17CFFh
                                                                                                                                                                                        mov eax, esi
                                                                                                                                                                                        pop esi
                                                                                                                                                                                        leave
                                                                                                                                                                                        ret
                                                                                                                                                                                        lea eax, dword ptr [ebp-64h]
                                                                                                                                                                                        push eax
                                                                                                                                                                                        lea ecx, dword ptr [ebp-30h]
                                                                                                                                                                                        call 00007F9880D17B33h
                                                                                                                                                                                        lea eax, dword ptr [ebp-30h]
                                                                                                                                                                                        mov ecx, eax
                                                                                                                                                                                        mov dword ptr [0147E0ECh], eax
                                                                                                                                                                                        call 00007F9880D17ACBh
                                                                                                                                                                                        test al, al
                                                                                                                                                                                        jne 00007F9880D18471h
                                                                                                                                                                                        lea ecx, dword ptr [ebp-30h]
                                                                                                                                                                                        call 00007F9880D17AB0h
                                                                                                                                                                                        mov esi, 000003E9h
                                                                                                                                                                                        jmp 00007F9880D18427h
                                                                                                                                                                                        cmp dword ptr [ebp-10h], 00000000h
                                                                                                                                                                                        je 00007F9880D1846Ah
                                                                                                                                                                                        push 00000800h
                                                                                                                                                                                        call dword ptr [ebp-10h]
                                                                                                                                                                                        cmp dword ptr [ebp-0Ch], 00000000h
                                                                                                                                                                                        je 00007F9880D1846Ah
                                                                                                                                                                                        push 00008001h
                                                                                                                                                                                        call dword ptr [ebp-0Ch]
                                                                                                                                                                                        lea eax, dword ptr [ebp-64h]
                                                                                                                                                                                        push eax
                                                                                                                                                                                        lea esi, dword ptr [ebp-30h]
                                                                                                                                                                                        call 00007F9880D183B5h
                                                                                                                                                                                        pop ecx
                                                                                                                                                                                        mov esi, eax
                                                                                                                                                                                        push esi
                                                                                                                                                                                        call dword ptr [ebp-20h]
                                                                                                                                                                                        lea ecx, dword ptr [ebp-30h]
                                                                                                                                                                                        call 00007F9880D17A72h
                                                                                                                                                                                        jmp 00007F9880D183EEh
                                                                                                                                                                                        mov edx, dword ptr [esp+04h]
                                                                                                                                                                                        push ebx
                                                                                                                                                                                        mov ebx, dword ptr [esp+10h]
                                                                                                                                                                                        push esi
                                                                                                                                                                                        xor esi, esi
                                                                                                                                                                                        test ebx, ebx
                                                                                                                                                                                        je 00007F9880D18491h
                                                                                                                                                                                        push edi
                                                                                                                                                                                        mov edi, dword ptr [esp+14h]
                                                                                                                                                                                        sub edi, 0147E0F0h
                                                                                                                                                                                        imul edx, edx, 0019660Dh
                                                                                                                                                                                        add edx, 3C6EF35Fh
                                                                                                                                                                                        mov eax, edx
                                                                                                                                                                                        shr eax, 0Ch

                                                                                                                                                                                        Rich Headers

                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                        • [C++] VS2010 build 30319
                                                                                                                                                                                        • [ C ] VS2010 build 30319
                                                                                                                                                                                        • [RES] VS2010 SP1 build 40219
                                                                                                                                                                                        • [LNK] VS2010 build 30319

                                                                                                                                                                                        Data Directories

                                                                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x107f0000x4850.rsrc
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x3d62000x4648.itext
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x10840000x84.reloc
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0xcaf0000x1c.rdata
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                        Sections

                                                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                        .text0x10000x28350x2a00False0.5949590773809523data6.514751266666443IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                        .itext0x40000xcaae000x0unknownunknownunknownunknownIMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                        .rdata0xcaf0000x2fa0x400False0.7255859375Matlab v4 mat-file (little endian) \234\362\312, numeric, rows 1687868287, columns 0, imaginary5.646642643065067IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                        .data0xcb00000x3ce4f40x3ce200unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                        .rsrc0x107f0000x48500x4a00False0.5123521959459459data6.017834090303233IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                        .reloc0x10840000x3000x400False0.1455078125data1.181265380704217IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                        Resources

                                                                                                                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                        RT_ICON0x107f2800x1b8ePNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9167848029486816
                                                                                                                                                                                        RT_ICON0x1080e100x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.299390243902439
                                                                                                                                                                                        RT_ICON0x10814780x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.478494623655914
                                                                                                                                                                                        RT_ICON0x10817600x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 0EnglishUnited States0.48155737704918034
                                                                                                                                                                                        RT_ICON0x10819480x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.597972972972973
                                                                                                                                                                                        RT_ICON0x1081ac00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.09404315196998124
                                                                                                                                                                                        RT_ICON0x1082b680x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.2047872340425532
                                                                                                                                                                                        RT_GROUP_ICON0x1081a700x4cdataEnglishUnited States0.8026315789473685
                                                                                                                                                                                        RT_GROUP_ICON0x1082fd00x22dataEnglishUnited States1.0588235294117647
                                                                                                                                                                                        RT_VERSION0x1082ff80x250dataEnglishUnited States0.4814189189189189
                                                                                                                                                                                        RT_MANIFEST0x10832480x606XML 1.0 document, ASCII textEnglishUnited States0.45395590142671854

                                                                                                                                                                                        Possible Origin

                                                                                                                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                        EnglishUnited States

                                                                                                                                                                                        Network Behavior

                                                                                                                                                                                        Network Port Distribution

                                                                                                                                                                                        TCP Packets

                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                        Aug 23, 2023 03:23:54.417371988 CEST49708443192.168.2.4185.229.191.44
                                                                                                                                                                                        Aug 23, 2023 03:23:54.417443991 CEST44349708185.229.191.44192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.417548895 CEST49708443192.168.2.4185.229.191.44
                                                                                                                                                                                        Aug 23, 2023 03:23:54.445358038 CEST49708443192.168.2.4185.229.191.44
                                                                                                                                                                                        Aug 23, 2023 03:23:54.445420980 CEST44349708185.229.191.44192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.520442009 CEST44349708185.229.191.44192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.520562887 CEST49708443192.168.2.4185.229.191.44
                                                                                                                                                                                        Aug 23, 2023 03:23:54.521399021 CEST49708443192.168.2.4185.229.191.44
                                                                                                                                                                                        Aug 23, 2023 03:23:54.521423101 CEST44349708185.229.191.44192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.521750927 CEST44349708185.229.191.44192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.521837950 CEST49708443192.168.2.4185.229.191.44
                                                                                                                                                                                        Aug 23, 2023 03:23:54.630491972 CEST49708443192.168.2.4185.229.191.44
                                                                                                                                                                                        Aug 23, 2023 03:23:54.668850899 CEST4970980192.168.2.492.223.88.41
                                                                                                                                                                                        Aug 23, 2023 03:23:54.689373016 CEST804970992.223.88.41192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.693983078 CEST4970980192.168.2.492.223.88.41
                                                                                                                                                                                        Aug 23, 2023 03:23:54.715432882 CEST4970980192.168.2.492.223.88.41
                                                                                                                                                                                        Aug 23, 2023 03:23:54.735888004 CEST804970992.223.88.41192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.737680912 CEST804970992.223.88.41192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.737725019 CEST804970992.223.88.41192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.737765074 CEST804970992.223.88.41192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.737802029 CEST804970992.223.88.41192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.737879038 CEST804970992.223.88.41192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.737880945 CEST4970980192.168.2.492.223.88.41
                                                                                                                                                                                        Aug 23, 2023 03:23:54.737946033 CEST4970980192.168.2.492.223.88.41
                                                                                                                                                                                        Aug 23, 2023 03:23:54.753896952 CEST4970980192.168.2.492.223.88.41
                                                                                                                                                                                        Aug 23, 2023 03:23:54.775095940 CEST804970992.223.88.41192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.775185108 CEST804970992.223.88.41192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.775479078 CEST4970980192.168.2.492.223.88.41
                                                                                                                                                                                        Aug 23, 2023 03:23:54.804177999 CEST4970980192.168.2.492.223.88.41
                                                                                                                                                                                        Aug 23, 2023 03:23:54.824774027 CEST804970992.223.88.41192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.824831009 CEST804970992.223.88.41192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.824979067 CEST4970980192.168.2.492.223.88.41
                                                                                                                                                                                        Aug 23, 2023 03:23:54.949707985 CEST4970980192.168.2.492.223.88.41
                                                                                                                                                                                        Aug 23, 2023 03:23:54.970263958 CEST804970992.223.88.41192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.972690105 CEST4970980192.168.2.492.223.88.41
                                                                                                                                                                                        Aug 23, 2023 03:23:55.020973921 CEST49710443192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.021034956 CEST4434971051.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.021331072 CEST49710443192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.036385059 CEST49710443192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.036422014 CEST4434971051.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.135103941 CEST4434971051.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.135349989 CEST49710443192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.137494087 CEST49710443192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.137526035 CEST4434971051.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.137993097 CEST4434971051.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.138092995 CEST49710443192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.247603893 CEST49710443192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.290251970 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.329725981 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.330028057 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.342333078 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.381580114 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.390142918 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.390227079 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.390264034 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.390373945 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.402697086 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.446032047 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.446265936 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.446439028 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.478595018 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.559395075 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.620852947 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.673957109 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.757375956 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.757375956 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.796797037 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.796843052 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.834856033 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.848294973 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.849230051 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.867542982 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.874267101 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.875693083 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.875746965 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.875834942 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.878988028 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.879039049 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.879076004 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.879126072 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.879126072 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.879194975 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.895792007 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.897505045 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:55.960474968 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.001327038 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.001461983 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.001837969 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.007222891 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.007330894 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.007420063 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.007435083 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.007584095 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.007648945 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.007672071 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.007759094 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.007816076 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.007838011 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.007910967 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.007966995 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.008001089 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.008064032 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.008122921 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.008800030 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.008835077 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.008876085 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.008892059 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.040816069 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.041039944 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.041117907 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.045089006 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.084589005 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.085275888 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.125114918 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.126818895 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166430950 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166492939 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166548014 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166595936 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166645050 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166682959 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166682959 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166691065 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166739941 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166754007 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166800022 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166846037 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166860104 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166892052 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166938066 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166949034 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.166982889 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167031050 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167042017 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167077065 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167123079 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167135000 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167206049 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167252064 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167264938 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167298079 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167345047 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167356968 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167392015 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167434931 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167447090 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167509079 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167553902 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167567015 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167602062 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167646885 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167659044 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167689085 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.167747021 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.176616907 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.206985950 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207053900 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207067966 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207104921 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207110882 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207153082 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207155943 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207199097 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207201004 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207246065 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207248926 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207292080 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207294941 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207339048 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207340956 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207385063 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207391977 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207478046 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207499981 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207547903 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207559109 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207595110 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207597971 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207643986 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207662106 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207691908 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207704067 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207737923 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207746029 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207783937 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207791090 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207830906 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207838058 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207875967 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207885027 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207922935 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207930088 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207969904 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.207977057 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208014965 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208024025 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208064079 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208067894 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208110094 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208117962 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208154917 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208163023 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208199978 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208209038 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208246946 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208252907 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208292961 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208301067 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208339930 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208347082 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208384991 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208390951 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208429098 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208439112 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208475113 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208482027 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208519936 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208527088 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208564043 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208571911 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208609104 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208616972 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208655119 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208666086 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208699942 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208710909 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208744049 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208753109 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208790064 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208796978 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208836079 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208846092 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208879948 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208897114 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208928108 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208936930 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208972931 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.208981991 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209017992 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209031105 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209058046 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209067106 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209074974 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209112883 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209125042 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209160089 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209178925 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209203959 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209209919 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209249973 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209252119 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209295034 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209297895 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209338903 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209342957 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209384918 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.209388018 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.248668909 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.248733997 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.248780012 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.248823881 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.248869896 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.248914957 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.248965979 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249016047 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249021053 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249016047 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249016047 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249073982 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249078989 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249078989 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249120951 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249138117 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249169111 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249181986 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249214888 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249228001 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249263048 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249274969 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249311924 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249325037 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249360085 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249380112 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249408007 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249420881 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249454021 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249470949 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249500990 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249514103 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249547958 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249566078 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249594927 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249612093 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249641895 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249658108 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249695063 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249703884 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249739885 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249756098 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249788046 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249800920 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249833107 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249849081 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249881029 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249896049 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249927044 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249941111 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249973059 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.249986887 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250020981 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250034094 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250071049 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250082970 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250118017 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250138044 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250164032 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250183105 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250211000 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250226021 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250257015 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250272036 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250303030 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250319004 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250350952 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250368118 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250435114 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250452042 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250480890 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250495911 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250530005 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250545025 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250577927 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250591993 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250624895 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250634909 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250636101 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250673056 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250719070 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250726938 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250762939 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250765085 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250813007 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250837088 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250837088 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250857115 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250905037 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250921965 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250922918 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250951052 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250967026 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.250996113 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.251044989 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.251065969 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.251091003 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.251121044 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290216923 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290277004 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290323973 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290369987 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290415049 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290461063 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290509939 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290560007 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290563107 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290610075 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290618896 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290657043 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290703058 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290707111 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290749073 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290750027 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290796041 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290810108 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290843010 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290853977 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290891886 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290894985 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290935993 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290941000 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290981054 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.290983915 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291026115 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291047096 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291074991 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291090012 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291121960 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291126966 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291167021 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291172028 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291213989 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291214943 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291256905 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291299105 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291323900 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291344881 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291374922 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291390896 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291424990 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291435957 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291480064 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291498899 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291517019 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291547060 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291575909 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291594982 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291640043 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291676044 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291676044 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291683912 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291728973 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291729927 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291770935 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291774988 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291819096 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291820049 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291857958 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291867971 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291906118 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291910887 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291941881 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291955948 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.291985035 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292000055 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292047977 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292048931 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292085886 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292093992 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292138100 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292181969 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292190075 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292239904 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292268991 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292283058 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292326927 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292354107 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292372942 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292416096 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292454004 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292460918 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292505026 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292532921 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292550087 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292597055 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.292623997 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.332726955 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.332792044 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.332839012 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.332885027 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.332920074 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.332931995 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.332973957 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.332977057 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333024025 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333053112 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333081007 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333126068 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333143950 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333170891 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333214998 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333215952 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333262920 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333297968 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333323002 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333368063 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333406925 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333412886 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333460093 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333497047 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333507061 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333551884 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333584070 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333595037 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333640099 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333678007 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333683014 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333725929 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333759069 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333771944 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333817005 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333863020 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333882093 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333899975 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333945036 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333946943 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.333992958 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334041119 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334042072 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334088087 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334131956 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334151030 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334177017 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334217072 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334223032 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334269047 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334314108 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334314108 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334359884 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334395885 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334405899 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334450006 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334495068 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334498882 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334539890 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334578991 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334588051 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334634066 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334678888 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334686041 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334723949 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334753990 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334769011 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334811926 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334856033 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334867954 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334901094 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334948063 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334959030 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.334995031 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.335043907 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374321938 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374387980 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374434948 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374485016 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374533892 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374581099 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374629021 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374675035 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374710083 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374722004 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374758959 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374769926 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374816895 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374862909 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374864101 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374910116 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374927044 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374958038 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.374998093 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375008106 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375060081 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375107050 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375118971 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375154018 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375199080 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375200033 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375248909 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375283003 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375296116 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375344992 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375372887 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375391960 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375438929 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375475883 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375514984 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375562906 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375608921 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375610113 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375655890 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375690937 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375741005 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375787973 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375834942 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375835896 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375884056 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375912905 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375931025 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.375977039 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376002073 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376024008 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376081944 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376110077 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376128912 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376176119 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376203060 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376223087 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376270056 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376296997 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376317024 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376363039 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376394987 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376410007 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376456022 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376482964 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376504898 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376557112 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.376596928 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.415807962 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.415832996 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.415898085 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.415949106 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.415994883 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.415997028 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416047096 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416049004 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416094065 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416121960 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416141987 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416188955 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416193962 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416241884 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416271925 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416290045 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416337013 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416362047 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416383982 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416433096 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416464090 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416480064 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416529894 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416584969 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416604996 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416630983 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416656971 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416676998 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416723967 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416769028 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416770935 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416820049 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416867018 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416882038 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416914940 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416954994 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.416963100 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417010069 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417059898 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417079926 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417105913 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417135954 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417152882 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417200089 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417222977 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417247057 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417293072 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417314053 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417340994 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417388916 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417435884 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417453051 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417484045 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417520046 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417521000 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.417592049 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.457957983 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.497512102 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.549004078 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:23:56.725792885 CEST4971280192.168.2.418.66.26.35
                                                                                                                                                                                        Aug 23, 2023 03:23:56.751379967 CEST804971218.66.26.35192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.753628016 CEST4971280192.168.2.418.66.26.35
                                                                                                                                                                                        Aug 23, 2023 03:23:56.754595041 CEST4971280192.168.2.418.66.26.35
                                                                                                                                                                                        Aug 23, 2023 03:23:56.777954102 CEST804971218.66.26.35192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:57.157766104 CEST804971218.66.26.35192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:57.205481052 CEST4971280192.168.2.418.66.26.35
                                                                                                                                                                                        Aug 23, 2023 03:23:57.768028021 CEST4971280192.168.2.418.66.26.35
                                                                                                                                                                                        Aug 23, 2023 03:23:57.791533947 CEST804971218.66.26.35192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:57.791691065 CEST4971280192.168.2.418.66.26.35
                                                                                                                                                                                        Aug 23, 2023 03:24:06.503007889 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:24:06.542582989 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:24:16.550812960 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:24:16.555339098 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:24:16.555520058 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:24:16.590308905 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:24:26.598618031 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:24:26.637907028 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:24:36.646292925 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:24:36.688940048 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:24:46.693990946 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:24:46.735666990 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:24:56.741731882 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:24:56.747550011 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:24:56.747730970 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:24:56.781212091 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:25:06.789767981 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:25:06.830256939 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:25:16.837117910 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:25:16.876482964 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:25:26.885070086 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:25:26.927242041 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:25:36.932548046 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:25:36.939611912 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:25:36.939718962 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:25:36.971800089 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:25:46.980315924 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:25:47.021006107 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:25:57.028122902 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:25:57.067713022 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:26:07.075848103 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:26:07.115741014 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:26:17.123879910 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:26:17.131648064 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:26:17.131970882 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:26:17.163351059 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:26:27.173068047 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:26:27.212532043 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:26:37.221589088 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:26:37.261358976 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:26:47.269184113 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:26:47.308506012 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:26:57.317028046 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:26:57.323570013 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:26:57.323714972 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:26:57.356575966 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:27:07.364967108 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:27:07.404201031 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:27:17.412501097 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:27:17.452543974 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:27:27.460418940 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:27:27.499921083 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:27:37.516359091 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:27:37.516567945 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:27:37.524138927 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:27:37.563615084 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:27:47.571352959 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:27:47.610630035 CEST804971151.83.238.212192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:27:57.618974924 CEST4971180192.168.2.451.83.238.212
                                                                                                                                                                                        Aug 23, 2023 03:27:57.658260107 CEST804971151.83.238.212192.168.2.4

                                                                                                                                                                                        UDP Packets

                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                        Aug 23, 2023 03:23:54.379019976 CEST6031653192.168.2.48.8.8.8
                                                                                                                                                                                        Aug 23, 2023 03:23:54.394311905 CEST53603168.8.8.8192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.642170906 CEST5181653192.168.2.48.8.8.8
                                                                                                                                                                                        Aug 23, 2023 03:23:54.665726900 CEST53518168.8.8.8192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:54.956448078 CEST5139153192.168.2.48.8.8.8
                                                                                                                                                                                        Aug 23, 2023 03:23:54.980254889 CEST53513918.8.8.8192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:55.259649992 CEST4978553192.168.2.48.8.8.8
                                                                                                                                                                                        Aug 23, 2023 03:23:55.283067942 CEST53497858.8.8.8192.168.2.4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.679733038 CEST6387253192.168.2.48.8.8.8
                                                                                                                                                                                        Aug 23, 2023 03:23:56.719362020 CEST53638728.8.8.8192.168.2.4

                                                                                                                                                                                        DNS Queries

                                                                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                        Aug 23, 2023 03:23:54.379019976 CEST192.168.2.48.8.8.80x4c3fStandard query (0)boot.net.anydesk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                        Aug 23, 2023 03:23:54.642170906 CEST192.168.2.48.8.8.80x280dStandard query (0)boot.net.anydesk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                        Aug 23, 2023 03:23:54.956448078 CEST192.168.2.48.8.8.80x4d3dStandard query (0)relay-bf60063b.net.anydesk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                        Aug 23, 2023 03:23:55.259649992 CEST192.168.2.48.8.8.80xe7c1Standard query (0)relay-bf60063b.net.anydesk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                        Aug 23, 2023 03:23:56.679733038 CEST192.168.2.48.8.8.80x3332Standard query (0)api.playanext.comA (IP address)IN (0x0001)false

                                                                                                                                                                                        DNS Answers

                                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                        Aug 23, 2023 03:23:54.394311905 CEST8.8.8.8192.168.2.40x4c3fNo error (0)boot.net.anydesk.com185.229.191.44A (IP address)IN (0x0001)false
                                                                                                                                                                                        Aug 23, 2023 03:23:54.665726900 CEST8.8.8.8192.168.2.40x280dNo error (0)boot.net.anydesk.com92.223.88.41A (IP address)IN (0x0001)false
                                                                                                                                                                                        Aug 23, 2023 03:23:54.980254889 CEST8.8.8.8192.168.2.40x4d3dNo error (0)relay-bf60063b.net.anydesk.com51.83.238.212A (IP address)IN (0x0001)false
                                                                                                                                                                                        Aug 23, 2023 03:23:55.283067942 CEST8.8.8.8192.168.2.40xe7c1No error (0)relay-bf60063b.net.anydesk.com51.83.238.212A (IP address)IN (0x0001)false
                                                                                                                                                                                        Aug 23, 2023 03:23:56.719362020 CEST8.8.8.8192.168.2.40x3332No error (0)api.playanext.comd1atxff5avezsq.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                        Aug 23, 2023 03:23:56.719362020 CEST8.8.8.8192.168.2.40x3332No error (0)d1atxff5avezsq.cloudfront.net18.66.26.98A (IP address)IN (0x0001)false
                                                                                                                                                                                        Aug 23, 2023 03:23:56.719362020 CEST8.8.8.8192.168.2.40x3332No error (0)d1atxff5avezsq.cloudfront.net18.66.26.119A (IP address)IN (0x0001)false
                                                                                                                                                                                        Aug 23, 2023 03:23:56.719362020 CEST8.8.8.8192.168.2.40x3332No error (0)d1atxff5avezsq.cloudfront.net18.66.26.62A (IP address)IN (0x0001)false
                                                                                                                                                                                        Aug 23, 2023 03:23:56.719362020 CEST8.8.8.8192.168.2.40x3332No error (0)d1atxff5avezsq.cloudfront.net18.66.26.35A (IP address)IN (0x0001)false

                                                                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                                                                        • api.playanext.comuser-agent: anydesk

                                                                                                                                                                                        HTTP Packets

                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        0192.168.2.44970992.223.88.4180C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        Aug 23, 2023 03:23:54.715432882 CEST5OUTData Raw: 16 03 01 01 0d 01 00 01 09 03 03 88 85 d5 d5 9a a0 6d da a1 24 4a 87 3b 1b 0f 7a 68 d4 b5 db fa ad a0 9d 34 b1 1b 31 8d af e6 91 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36
                                                                                                                                                                                        Data Ascii: m$J;zh41n0,($kjih98762.*&=5/+'#g@?>32101-)%</r#
                                                                                                                                                                                        Aug 23, 2023 03:23:54.737680912 CEST5INData Raw: 16 03 03 00 57 02 00 00 53 03 03 ee be 4a 69 ae 6a 23 6d 8b 44 33 47 3e c3 c6 1b fd d5 38 9d e4 4b 9c bd 44 4f 57 4e 47 52 44 01 20 39 92 be 18 75 98 e2 62 42 5c 8f a3 d2 74 e5 3c 1f b9 d4 3d 25 83 b5 5d c6 53 9f 8c 3c 91 fc 2e c0 2c 00 00 0b ff
                                                                                                                                                                                        Data Ascii: WSJij#mD3G>8KDOWNGRD 9ubB\t<=%]S<.,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
                                                                                                                                                                                        Aug 23, 2023 03:23:54.737725019 CEST6INData Raw: e6 e8 20 b9 4b 8b bb 63 de 6f 65 6a 9f 5d d7 c1 97 9b 2d 30 4e 9a 81 85 b4 1c 92 a6 ed d8 7a f9 df 9d 03 b3 90 9c 78 a9 c8 ba 0e 3c ac ec 14 db 7d 51 b3 97 06 b9 f6 77 60 ab fe 59 83 af 8e 97 56 29 c7 db 7e 71 79 d1 c7 f7 da b6 c8 f7 af 8f 24 e0
                                                                                                                                                                                        Data Ascii: Kcoej]-0Nzx<}Qw`YV)~qy$ZG|'SO^jl$|XM+")+{n\&9S|4xLp|aZ.qDL\vq$;OroCs4|z\8[TRxU>R
                                                                                                                                                                                        Aug 23, 2023 03:23:54.737765074 CEST7INData Raw: 35 35 5a 17 0d 32 34 30 34 30 38 30 32 33 37 35 35 5a 30 48 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 4e 65 74 20 52 6f 6f 74 20 43 41 31 20 30 1e 06 03 55 04 0a 0c 17 70 68 69 6c 61 6e 64 72 6f 20 53 6f 66 74 77 61 72 65 20 47 6d 62 48 31 0b 30
                                                                                                                                                                                        Data Ascii: 55Z240408023755Z0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0"0*H0AZ T7;h8m&i6p4p]|Zx1\{ZQ/3'h;jlaV
                                                                                                                                                                                        Aug 23, 2023 03:23:54.737802029 CEST7INData Raw: 3c 1f 22 91 25 17 15 cc 42 82 da 3b a8 39 c7 2a 50 ca d9 4c a0 8c 95 33 75 03 70 b8 df a0 c9 b2 b2 8b 1b 38 83 79 32 c3 12 da 33 96 42 f4 91 11 aa c6 26 31 bc ea 43 8a 30 54 65 c5 43 9e 50 3b fa 91 93 0e 9d 3b 23 4a 3d 43 c1 c6 22 9b 68 af 2f fc
                                                                                                                                                                                        Data Ascii: <"%B;9*PL3up8y23B&1C0TeCP;;#J=C"h/R"j.P0N0UeyXW6\bG0U#0eyXW6\bG0U00*HG`4%(^0VGv T=#
                                                                                                                                                                                        Aug 23, 2023 03:23:54.737879038 CEST8INData Raw: ca b6 9b 39 e6 cf 27 d0 2c 99 74 d4 ca de 47 88 ed df f7 9c 3b ac 8a 62 d2 75 90 d9 00 81 d3 f8 c2 47 8e 9a bd 87 6d ce e5 9a 7f 28 76 a4 77 c6 3f b9 bf 4d f1 cb df 0f 2c 73 fe b4 60 e3 26 5e 83 f2 ae 36 56 94 e9 a7 9d a1 3d ca 5d 6e 3d 5d a8 6f
                                                                                                                                                                                        Data Ascii: 9',tG;buGm(vw?M,s`&^6V=]n=]oh'g4E4{%QT?*Qd9wsfI+\+Wfp;q.Lgr:>4m`=D^!`l.:s&jA>sAfkL>1zu%j3N
                                                                                                                                                                                        Aug 23, 2023 03:23:54.753896952 CEST9OUTData Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 33 30 38 32 33 30 31 32 33
                                                                                                                                                                                        Data Ascii: 000*H010UAnyDesk Client0 230823012353Z20730810012353Z010UAnyDesk Client0"0*H0,mQ8s_hm@@&L*yg$Z|kkR2PSr{sq%;X7[
                                                                                                                                                                                        Aug 23, 2023 03:23:54.775095940 CEST9INData Raw: 14 03 03 00 01 01 16 03 03 00 28 1e f8 75 ce c7 9c 82 8c 5e bf 09 78 f4 00 17 89 aa 2f 79 2f 6b 90 dd ca 3b 4b 1a f3 9a fd 7d e8 5c d2 01 f8 26 16 43 17
                                                                                                                                                                                        Data Ascii: (u^x/y/k;K}\&C
                                                                                                                                                                                        Aug 23, 2023 03:23:54.775185108 CEST9INData Raw: 17 03 03 00 23 1e f8 75 ce c7 9c 82 8d c3 de ea 36 ad 2e d9 16 42 38 ba e4 bb ae c7 73 b0 4d 86 9a af ea 49 3c 7f a2 8e
                                                                                                                                                                                        Data Ascii: #u6.B8sMI<
                                                                                                                                                                                        Aug 23, 2023 03:23:54.804177999 CEST9OUTData Raw: 17 03 03 00 57 98 e6 70 42 84 28 00 0d 55 61 4d 4e d6 1f 2c 58 a6 75 96 00 f1 cb 81 7c aa f0 bd 3b 96 da f2 9e 94 2c e7 77 f2 79 bd 8d 49 0b f3 2a 02 e8 cb dc 71 55 da f6 5f 63 3f f8 98 9b 35 af 20 13 db 1f 67 6b 15 f7 8f 22 85 e2 b3 d1 7a 16 79
                                                                                                                                                                                        Data Ascii: WpB(UaMN,Xu|;,wyI*qU_c?5 gk"zyd
                                                                                                                                                                                        Aug 23, 2023 03:23:54.824774027 CEST10INData Raw: 17 03 03 03 2f 1e f8 75 ce c7 9c 82 8e 41 fc 14 9d f1 d4 ed 74 36 e2 78 5d c2 0c 85 0d 5b da 4e c0 8a e9 b8 3e 36 48 5e 1a 8b 3d c6 d2 12 e1 c9 23 ee 32 f4 73 4b b2 c0 98 c0 26 20 85 78 7b c6 18 37 94 00 8f 10 7c 9c ff 97 d3 5b bd 8c f0 ce 87 25
                                                                                                                                                                                        Data Ascii: /uAt6x][N>6H^=#2sK& x{7|[%<2+o,<sE0}83y)V[BeaU!V9<<23{6v'b//PoQ>Hp:v]:NI*3@5ZNH!:3Fl[c98:W
                                                                                                                                                                                        Aug 23, 2023 03:23:54.824831009 CEST10INData Raw: 3e 14 ef 2e 6d 3e 63 36 5d 74 b2 cd 18 4e a7 0f 90 75 29 b4 68 95 ac 0b 39 81 bc d2 ad 14 ea 0d 66 de f1 0d 8f 04 57 9d bf 77 80 b5 3f 7c 0e cd 1e 0d 4e f4 2e 8b 54 46 c0 d6 a3 be c0 a4 ba 8c e4 8a 80 4e 1e 36 e0 b1 81 75 6c f5 d2 17 77 a6 2c 02
                                                                                                                                                                                        Data Ascii: >.m>c6]tNu)h9fWw?|N.TFN6ulw,$lzE)?df}wTpS[iN}K"7L52A2UP>^dPH<{uWAnTsn&YFJWK'yaY6j]0@YCFhgz&maW<@


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        1192.168.2.44971151.83.238.21280C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        Aug 23, 2023 03:23:55.342333078 CEST16OUTData Raw: 16 03 01 01 0d 01 00 01 09 03 03 4f d7 48 c3 b4 42 72 39 2d 1a 04 1c 4a 5a a0 ac ae 4c 0b b2 28 24 54 64 86 92 b0 fb 23 1e b1 a3 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36
                                                                                                                                                                                        Data Ascii: OHBr9-JZL($Td#n0,($kjih98762.*&=5/+'#g@?>32101-)%</r#
                                                                                                                                                                                        Aug 23, 2023 03:23:55.390142918 CEST17INData Raw: 16 03 03 00 57 02 00 00 53 03 03 b6 77 02 06 4b 13 77 45 75 6c f5 56 a0 26 e4 e4 db ea ca e6 33 51 93 8f 44 4f 57 4e 47 52 44 01 20 e5 fc 1b 74 91 1f 61 48 e6 c5 73 6b 51 ee fd cc dd ed fb 14 32 2b 5f 27 ec fd b7 12 a0 52 cc ea c0 2c 00 00 0b ff
                                                                                                                                                                                        Data Ascii: WSwKwEulV&3QDOWNGRD taHskQ2+_'R,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
                                                                                                                                                                                        Aug 23, 2023 03:23:55.390227079 CEST18INData Raw: 5a eb 51 2f 97 bf f6 fb 33 27 90 b3 d8 e4 e0 cd 68 3b 6a 87 6c a6 0d e7 d8 bd 61 df 56 6b 2a e1 1c 2b f5 9f bf 85 dd 8c 5b 06 1e 71 7f ba 4a a6 40 b0 77 17 ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63
                                                                                                                                                                                        Data Ascii: ZQ/3'h;jlaVk*+[qJ@w,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_e
                                                                                                                                                                                        Aug 23, 2023 03:23:55.390264034 CEST18INData Raw: 70 68 69 6c 61 6e 64 72 6f 20 53 6f 66 74 77 61 72 65 20 47 6d 62 48 31 0b 30 09 06 03 55 04 06 13 02 44 45 16 03 03 00 04 0e 00 00 00
                                                                                                                                                                                        Data Ascii: philandro Software GmbH10UDE
                                                                                                                                                                                        Aug 23, 2023 03:23:55.402697086 CEST20OUTData Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 33 30 38 32 33 30 31 32 33
                                                                                                                                                                                        Data Ascii: 000*H010UAnyDesk Client0 230823012353Z20730810012353Z010UAnyDesk Client0"0*H0,mQ8s_hm@@&L*yg$Z|kkR2PSr{sq%;X7[
                                                                                                                                                                                        Aug 23, 2023 03:23:55.446032047 CEST20INData Raw: 14 03 03 00 01 01 16 03 03 00 28 5a b6 5a 2f 52 d0 b7 b5 8d 60 6d 79 bf 12 7a 89 b6 de 39 47 40 ec 25 bd d8 3f d4 c6 84 ed de fb fe c1 18 d1 eb 83 2a 82
                                                                                                                                                                                        Data Ascii: (ZZ/R`myz9G@%?*
                                                                                                                                                                                        Aug 23, 2023 03:23:55.446265936 CEST20INData Raw: 17 03 03 00 23 5a b6 5a 2f 52 d0 b7 b6 2d b5 15 20 d4 56 b7 0b b8 a4 f1 17 44 46 d6 8c 63 b6 d8 bc c3 3b bf c3 00 14 b1
                                                                                                                                                                                        Data Ascii: #ZZ/R- VDFc;
                                                                                                                                                                                        Aug 23, 2023 03:23:55.478595018 CEST20OUTData Raw: 17 03 03 00 57 b5 1f 68 86 4c 54 43 e4 da 2f e8 1f d2 c9 d7 31 3f 2d 11 ac 21 61 4c 71 4e ee 7f ea ff 6c 78 ac 04 7a a2 7a 1c 00 c0 33 6e b7 f2 f8 f3 52 95 73 49 5a 7c b7 f7 6b 02 7c df 88 05 ca 58 9b 2e d1 85 4d c3 cf 5a 8d 0b b6 ec 0c dc 09 98
                                                                                                                                                                                        Data Ascii: WhLTC/1?-!aLqNlxzz3nRsIZ|k|X.MZ!ZSmP
                                                                                                                                                                                        Aug 23, 2023 03:23:55.620852947 CEST20INData Raw: 17 03 03 00 8d 5a b6 5a 2f 52 d0 b7 b7 1c 04 8f 3b b1 bb 47 ed 79 ff c8 34 4b 20 7c 74 8a dd bc 7f d5 2a dc bb 52 03 a1 13 2f 4f 9f c3 d4 b1 83 44 b5 b0 3e d3 34 56 e7 8a aa 94 fc e2 b6 d5 00 2d 67 df 67 7b dc e1 33 61 2c b9 92 ca ae 36 2d 12 c7
                                                                                                                                                                                        Data Ascii: ZZ/R;Gy4K |t*R/OD>4V-gg{3a,6-Z%/4I2m477DYBpex!uPvIhQ:{
                                                                                                                                                                                        Aug 23, 2023 03:23:55.757375956 CEST21OUTData Raw: 17 03 03 02 87 b5 1f 68 86 4c 54 43 e5 7b a5 ab 05 03 e6 3d 64 88 a2 39 07 e5 68 34 34 9f 6d 9d 43 ac 15 e2 fe 97 28 69 fb a8 45 a0 e6 7d f2 f9 f2 ec 89 1a d5 08 f7 c1 06 f9 21 cf dd ad 0d f0 ff 90 1c 7e 48 79 0b fa 9a bb a5 4f d6 ec 06 9a 6c 52
                                                                                                                                                                                        Data Ascii: hLTC{=d9h44mC(iE}!~HyOlR0cr0)>n*"1(iQ06"#kuSLg76u~-EsNIuc0zb6@z9i(87M;,!G`kgH(F:A&:t
                                                                                                                                                                                        Aug 23, 2023 03:23:55.757375956 CEST21OUTData Raw: 17 03 03 01 50 b5 1f 68 86 4c 54 43 e6 74 c4 e4 d4 7d d5 15 c8 59 0a 18 7e ee f4 f1 8e 81 83 52 56 f6 e2 da b0 e0 4c 89 61 d5 90 c7 03 f4 bb cf 42 dc e2 ea c4 c3 9f 6f f3 a1 0b 73 2a 67 b2 5d 5b ac b1 dc a2 0f c6 99 99 03 4a 4a ba 0e 42 6c 17 83
                                                                                                                                                                                        Data Ascii: PhLTCt}Y~RVLaBos*g][JJBl;WbO|It(%>1_ [flTHihP{Evn_@S7H3R|$!:A6Qa2TnsXo-L3&\7bTZde.4-V`Q^}t#WXM
                                                                                                                                                                                        Aug 23, 2023 03:23:55.834856033 CEST22OUTData Raw: 17 03 03 02 16 b5 1f 68 86 4c 54 43 e7 db 9b c8 70 ff f7 98 25 76 a0 29 93 60 3f fe 3c f9 be 0a 0b 01 a0 1e 25 5b 8d 5e 97 7a f2 52 c4 b2 b6 4c bd 94 0b f5 81 5e 36 8c 6b be 6a b4 79 dd 71 7e cd e2 cd e4 40 f1 5e 22 11 36 36 d1 4b 6a de 77 aa 52
                                                                                                                                                                                        Data Ascii: hLTCp%v)`?<%[^zRL^6kjyq~@^"66KjwR[]8z0i(pl Su!+1SlW5S3tV[}]-2eUDeLtY()"FIj5^4*l`eBJ6MRFn&:["}((tJn7:
                                                                                                                                                                                        Aug 23, 2023 03:23:55.848294973 CEST22INData Raw: 17 03 03 00 44 5a b6 5a 2f 52 d0 b7 b8 19 de 7a 17 0f 0b 95 83 d2 98 eb 8c ee 5b 77 59 29 8d 63 68 d0 01 51 47 15 e4 13 89 46 df 0c c3 b1 1f b1 b5 5a 0a 7a f6 45 d5 94 45 33 93 11 82 ed f6 a9 ce 86 1b de 20 81 3a 69 ce
                                                                                                                                                                                        Data Ascii: DZZ/Rz[wY)chQGFZzEE3 :i
                                                                                                                                                                                        Aug 23, 2023 03:23:55.849230051 CEST22OUTData Raw: 17 03 03 00 2a b5 1f 68 86 4c 54 43 e8 37 a1 2f b4 15 51 06 4b 16 b4 7d d7 06 27 93 b0 9e 9e 05 11 2f a2 22 ab 00 d8 12 d1 2f a0 9a 3d 26 00
                                                                                                                                                                                        Data Ascii: *hLTC7/QK}'/"/=&
                                                                                                                                                                                        Aug 23, 2023 03:23:55.867542982 CEST22INData Raw: 17 03 03 00 37 5a b6 5a 2f 52 d0 b7 b9 8c b2 9b 29 8f 3b 0c 7d ed 35 ca bd a7 d2 6a 6a b1 50 e9 0b 0c 96 e3 b1 a1 d5 93 0c a1 7a 89 c1 df 15 69 92 2f c5 ce 64 ba e4 10 85 be b2 27
                                                                                                                                                                                        Data Ascii: 7ZZ/R);}5jjPzi/d'
                                                                                                                                                                                        Aug 23, 2023 03:23:55.875693083 CEST23INData Raw: 17 03 03 00 28 5a b6 5a 2f 52 d0 b7 ba 81 bb 2f a0 a6 01 f3 ae 94 22 42 50 2f 4d a8 34 da ba 02 74 e4 22 bd 69 ac f6 68 f2 1d dd fa 35
                                                                                                                                                                                        Data Ascii: (ZZ/R/"BP/M4t"ih5
                                                                                                                                                                                        Aug 23, 2023 03:23:55.875746965 CEST23INData Raw: 17 03 03 00 23 5a b6 5a 2f 52 d0 b7 bb 59 17 37 a6 82 36 4d a1 06 9e 59 85 01 de d8 01 2d 0b 99 8f 36 46 59 72 9f 16 df
                                                                                                                                                                                        Data Ascii: #ZZ/RY76MY-6FYr
                                                                                                                                                                                        Aug 23, 2023 03:23:55.897505045 CEST25OUTData Raw: 17 03 03 00 3e b5 1f 68 86 4c 54 43 e9 6b f0 db 88 4a 2a 83 e5 7c 36 5a c3 85 a7 2b dd 6a d7 0e ef f1 a7 ce f5 ac 97 7e 05 3d 04 bf e2 de 8b dc fd b7 ac 9b 75 09 6f 8d 9d f6 56 2e 00 63 1a c8 95 d2 34
                                                                                                                                                                                        Data Ascii: >hLTCkJ*|6Z+j~=uoV.c4
                                                                                                                                                                                        Aug 23, 2023 03:23:56.001837969 CEST25OUTData Raw: 17 03 03 00 34 b5 1f 68 86 4c 54 43 ea 18 37 3e da 70 35 68 f0 c6 6b 56 7d 5b 56 ad 9f 8e bc fd 63 b9 97 f5 70 7e ec 87 1f 2b 34 a9 40 9c f7 b7 b7 4f 8a f5 56 bd e4 bb fa
                                                                                                                                                                                        Data Ascii: 4hLTC7>p5hkV}[Vcp~+4@OV
                                                                                                                                                                                        Aug 23, 2023 03:23:56.045089006 CEST27OUTData Raw: 17 03 03 00 34 b5 1f 68 86 4c 54 43 eb f3 dc bb 34 96 b5 a6 52 c1 4b dc aa 16 de 29 12 46 1d 94 86 8a 33 23 29 3c 04 2d 97 a1 d7 e8 d0 e9 fa 8f 19 1b e0 2a de 0f 9b c3 69
                                                                                                                                                                                        Data Ascii: 4hLTC4RK)F3#)<-*i


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        2192.168.2.44971218.66.26.3580C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        Aug 23, 2023 03:23:56.754595041 CEST444OUTPOST /httpapi HTTP/1.1Host: api.playanext.comUser-Agent: AnyDesk/7.1.13Accept: */*Content-Length: 354Content-Type: application/x-www-form-urlencodedapi_key=c1426bd258099fa69f62933b466d4b77&event=[{"event_type":"check_offer","user_id":"f3eb68f5f8365c92894e1ed74e919d4a","session_id":1692753836373372,"ip":"$remote","event_properties":{"method_used":"Google Chrome Criteria Checker","offer_product":"Google Chrome","distributor":"AnyDesk","distributor_product":"AnyDesk","user_country":"United States"}}
                                                                                                                                                                                        Data Raw:
                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                        Aug 23, 2023 03:23:57.157766104 CEST445INHTTP/1.1 200 OK
                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Date: Wed, 23 Aug 2023 01:23:57 GMT
                                                                                                                                                                                        x-amzn-RequestId: 1200465d-e49f-43e1-9b03-899355db9ba6
                                                                                                                                                                                        x-amz-apigw-id: KFvjFGSBoAMF9Jg=
                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-64e55fad-13fae4754198f61a69240e91;Sampled=0;lineage=d7502c8f:0
                                                                                                                                                                                        Via: 1.1 6c38ff4c7648bbb26bea641498fdefb0.cloudfront.net (CloudFront), 1.1 127e1ddb6224f10ae9e484392afd1b6c.cloudfront.net (CloudFront)
                                                                                                                                                                                        X-Amz-Cf-Pop: VIE50-P1
                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                        X-Amz-Cf-Pop: VIE50-P1
                                                                                                                                                                                        X-Amz-Cf-Id: e015JVPdxoS6m3jog3HwDQcSVtX9SPuJs1ZQA9LMvh4OCtNsCn-_pw==


                                                                                                                                                                                        Statistics

                                                                                                                                                                                        CPU Usage

                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                        Memory Usage

                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                                        Behavior

                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                        System Behavior

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                        Start time:03:23:45
                                                                                                                                                                                        Start date:23/08/2023
                                                                                                                                                                                        Path:C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        Imagebase:0x11f0000
                                                                                                                                                                                        File size:4'040'776 bytes
                                                                                                                                                                                        MD5 hash:30C9C57AA570088D745FAC7BFD05B805
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                        Start time:03:23:48
                                                                                                                                                                                        Start date:23/08/2023
                                                                                                                                                                                        Path:C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\anydesk.exe" --local-service
                                                                                                                                                                                        Imagebase:0x11f0000
                                                                                                                                                                                        File size:4'040'776 bytes
                                                                                                                                                                                        MD5 hash:30C9C57AA570088D745FAC7BFD05B805
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                        Start time:03:23:48
                                                                                                                                                                                        Start date:23/08/2023
                                                                                                                                                                                        Path:C:\Users\user\Desktop\anydesk.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\anydesk.exe" --local-control
                                                                                                                                                                                        Imagebase:0x11f0000
                                                                                                                                                                                        File size:4'040'776 bytes
                                                                                                                                                                                        MD5 hash:30C9C57AA570088D745FAC7BFD05B805
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                        Disassembly

                                                                                                                                                                                        No disassembly