Windows Analysis Report
AnyDesk.exe

Overview

General Information

Sample name: AnyDesk.exe
Analysis ID: 1562860
MD5: bceea9753420a675af68cda43864438e
SHA1: 0823f156da4f106a26b5738cf9f732d5dd68cdd8
SHA256: b6a6a59c8b8387233be03bb2111830d4e8aafec6a62a290090ae75cbff5736ec
Tags: doganalecmdexeuser-JAMESWT_MHT
Infos:

Detection

DBatLoader
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected DBatLoader
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Found malware configuration
Source: AnyDesk.exe Malware Configuration Extractor: DBatLoader {"Download Url": ["https://vandeytas.ru.com/233_Hlvzmhuinff"]}
Multi AV Scanner detection for submitted file
Source: AnyDesk.exe ReversingLabs: Detection: 65%
Source: AnyDesk.exe Virustotal: Detection: 31% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 99.8% probability
Uses 32bit PE files
Source: AnyDesk.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49770 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49778 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49785 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49799 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49806 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49812 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49819 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49826 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49833 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49839 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49845 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49852 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49859 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49867 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49874 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49880 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49887 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49894 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49901 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49908 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49915 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49922 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49929 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49936 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49943 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49950 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49957 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49964 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49971 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49979 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49986 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49993 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50000 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50007 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50014 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50020 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50027 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50033 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50040 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50047 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50054 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50061 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50065 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50072 version: TLS 1.2
Source: Binary string: easinvoker.pdb source: AnyDesk.exe, AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2119845710.000000007FA90000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: easinvoker.pdbGCTL source: AnyDesk.exe, 00000000.00000003.2120469469.00000000027D1000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3368038850.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2119845710.000000007FA90000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B25908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA, 0_2_02B25908

Networking
barindex
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://vandeytas.ru.com/233_Hlvzmhuinff
Contains functionality to check if a connection to the internet is available
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3E4B8 InternetCheckConnectionA, 0_2_02B3E4B8
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 50.7.187.218 50.7.187.218
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: COGENT-174US COGENT-174US
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49708 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49713 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49725 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49718 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49711 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49770 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49742 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49778 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49785 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49763 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49799 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49812 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49715 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49806 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49833 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49839 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49733 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49845 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49880 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49874 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49859 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49887 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49749 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49756 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49792 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49901 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49826 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49915 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49922 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49936 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49950 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49957 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49943 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49852 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49819 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49867 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49964 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49971 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49979 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49986 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49993 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49929 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50000 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49894 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50007 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50014 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50020 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50033 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49908 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50047 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50027 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50040 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50054 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50061 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50072 -> 50.7.187.218:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50065 -> 50.7.187.218:443
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic DNS traffic detected: DNS query: vandeytas.ru.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:09 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:11 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:14 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:16 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:18 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:20 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:23 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:25 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:27 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:29 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:31 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:33 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:36 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:38 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:40 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:42 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:44 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:47 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:49 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:51 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:53 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:55 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:57 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:00 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:02 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:04 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:06 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:09 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:11 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:13 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:15 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:18 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:20 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:22 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:24 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:26 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:28 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:31 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:33 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:35 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:37 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:39 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:42 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:44 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:46 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:48 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:50 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:52 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:54 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:56 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:59 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:13:01 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:13:03 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:13:05 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:13:07 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:13:09 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: AnyDesk.exe, AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3383259657.000000007F9FF000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3368038850.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2120469469.0000000002872000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.pmail.com
Source: AnyDesk.exe, 00000000.00000002.3366823048.000000000063C000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2517737691.0000000000644000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2474569149.000000000063E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2668808919.0000000000642000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2256562401.0000000000644000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2343804811.0000000000644000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2188445742.0000000000646000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vandeytas.ru.com/
Source: AnyDesk.exe, 00000000.00000002.3382171324.000000002090D000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://vandeytas.ru.com/233_Hlv
Source: AnyDesk.exe, 00000000.00000002.3382171324.0000000020923000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2343804811.000000000064B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vandeytas.ru.com/233_Hlvzmhuinff
Source: AnyDesk.exe, 00000000.00000002.3366823048.000000000058E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vandeytas.ru.com/233_Hlvzmhuinff0
Source: AnyDesk.exe, 00000000.00000002.3382847342.00000000214E0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2495985049.0000000000642000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vandeytas.ru.com/233_HlvzmhuinffL
Source: AnyDesk.exe, 00000000.00000002.3382847342.00000000214E0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vandeytas.ru.com/233_HlvzmhuinffLL
Source: AnyDesk.exe, 00000000.00000002.3382847342.00000000214E0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3366823048.00000000005D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vandeytas.ru.com/233_HlvzmhuinffT
Source: AnyDesk.exe, 00000000.00000003.2344442230.00000000005F9000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3366823048.00000000005F9000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3366823048.000000000058E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2474569149.00000000005F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vandeytas.ru.com/233_HlvzmhuinffX
Source: AnyDesk.exe, 00000000.00000003.2734850198.0000000000642000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3366823048.000000000063C000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2474569149.000000000063E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2668808919.0000000000642000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vandeytas.ru.com/233_Hlvzmhuinffg
Source: AnyDesk.exe, 00000000.00000003.2734850198.0000000000649000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2188445742.000000000063C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vandeytas.ru.com/233_Hlvzmhuinffi
Source: AnyDesk.exe, 00000000.00000003.2343804811.0000000000644000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vandeytas.ru.com/D
Source: AnyDesk.exe, 00000000.00000003.2734850198.0000000000642000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vandeytas.ru.com/d
Source: AnyDesk.exe, 00000000.00000003.2734850198.0000000000642000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vandeytas.ru.com/l
Source: AnyDesk.exe, 00000000.00000002.3366823048.000000000058E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2734850198.0000000000653000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vandeytas.ru.com:443/233_Hlvzmhuinff
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49770 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49778 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49785 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49799 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49806 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49812 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49819 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49826 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49833 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49839 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49845 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49852 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49859 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49867 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49874 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49880 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49887 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49894 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49901 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49908 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49915 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49922 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49929 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49936 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49943 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49950 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49957 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49964 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49971 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49979 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49986 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49993 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50000 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50007 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50014 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50020 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50027 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50033 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50040 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50047 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50054 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50061 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50065 version: TLS 1.2
Source: unknown HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50072 version: TLS 1.2
Contains functionality to call native functions
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3DD70 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose, 0_2_02B3DD70
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B37D78 NtWriteVirtualMemory, 0_2_02B37D78
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3DBB0 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile, 0_2_02B3DBB0
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3DC8C RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose, 0_2_02B3DC8C
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3DC04 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile, 0_2_02B3DC04
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B38D70 GetThreadContext,SetThreadContext,NtResumeThread, 0_2_02B38D70
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B38D6E GetThreadContext,SetThreadContext,NtResumeThread, 0_2_02B38D6E
Contains functionality to launch a process as a different user
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3F7C8 InetIsOffline,CoInitialize,CoUninitialize,CreateProcessAsUserW,ResumeThread,CloseHandle,CloseHandle,ExitProcess, 0_2_02B3F7C8
Detected potential crypto function
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B220C4 0_2_02B220C4
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B4E596 0_2_02B4E596
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: String function: 02B244DC appears 74 times
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: String function: 02B3894C appears 56 times
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: String function: 02B24860 appears 949 times
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: String function: 02B24500 appears 33 times
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: String function: 02B246D4 appears 244 times
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: String function: 02B389D0 appears 45 times
Sample file is different than original file name gathered from version info
Source: AnyDesk.exe Binary or memory string: OriginalFilename vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000002.3383259657.000000007F9FF000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000003.2120469469.000000000286E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000002.3368038850.0000000002AA8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000003.2119845710.000000007FA90000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameeasinvoker.exej% vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000002.3368038850.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000003.2120469469.0000000002872000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLOADER.EXEB vs AnyDesk.exe
Uses 32bit PE files
Source: AnyDesk.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine Classification label: mal76.troj.evad.winEXE@1/0@2/1
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B27FD2 GetDiskFreeSpaceA, 0_2_02B27FD2
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B36DC8 CoCreateInstance, 0_2_02B36DC8
Source: C:\Users\user\Desktop\AnyDesk.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: AnyDesk.exe ReversingLabs: Detection: 65%
Source: AnyDesk.exe Virustotal: Detection: 31%
Source: C:\Users\user\Desktop\AnyDesk.exe File read: C:\Users\user\Desktop\AnyDesk.exe Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: url.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ?p .dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ???p.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Section loaded: ??.dll Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32 Jump to behavior
Source: AnyDesk.exe Static file information: File size 1299968 > 1048576
Source: Binary string: easinvoker.pdb source: AnyDesk.exe, AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2119845710.000000007FA90000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: easinvoker.pdbGCTL source: AnyDesk.exe, 00000000.00000003.2120469469.00000000027D1000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3368038850.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2119845710.000000007FA90000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation
barindex
Yara detected DBatLoader
Source: Yara match File source: 0.2.AnyDesk.exe.2b20000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3894C LoadLibraryW,GetProcAddress,FreeLibrary, 0_2_02B3894C
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B4D2FC push 02B4D367h; ret 0_2_02B4D35F
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B263B0 push 02B2640Bh; ret 0_2_02B26403
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B263AE push 02B2640Bh; ret 0_2_02B26403
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B2332C push eax; ret 0_2_02B23368
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B4C378 push 02B4C56Eh; ret 0_2_02B4C566
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B2C349 push 8B02B2C1h; ret 0_2_02B2C34E
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B4D0AC push 02B4D125h; ret 0_2_02B4D11D
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3306B push 02B330B9h; ret 0_2_02B330B1
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3306C push 02B330B9h; ret 0_2_02B330B1
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B4D1F8 push 02B4D288h; ret 0_2_02B4D280
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3F108 push ecx; mov dword ptr [esp], edx 0_2_02B3F10D
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B4D144 push 02B4D1ECh; ret 0_2_02B4D1E4
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B26782 push 02B267C6h; ret 0_2_02B267BE
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B26784 push 02B267C6h; ret 0_2_02B267BE
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B2D5A0 push 02B2D5CCh; ret 0_2_02B2D5C4
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B4C570 push 02B4C56Eh; ret 0_2_02B4C566
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B2C56C push ecx; mov dword ptr [esp], edx 0_2_02B2C571
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3AAE0 push 02B3AB18h; ret 0_2_02B3AB10
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B38AD8 push 02B38B10h; ret 0_2_02B38B08
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3AADF push 02B3AB18h; ret 0_2_02B3AB10
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B2CA4E push 02B2CD72h; ret 0_2_02B2CD6A
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B2CBEC push 02B2CD72h; ret 0_2_02B2CD6A
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3886C push 02B388AEh; ret 0_2_02B388A6
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B94850 push eax; ret 0_2_02B94920
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3790C push 02B37989h; ret 0_2_02B37981
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B36946 push 02B369F3h; ret 0_2_02B369EB
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B36948 push 02B369F3h; ret 0_2_02B369EB
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B35E7C push ecx; mov dword ptr [esp], edx 0_2_02B35E7E
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B32F60 push 02B32FD6h; ret 0_2_02B32FCE
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3AB1C GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_02B3AB1C
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\Desktop\AnyDesk.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B25908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA, 0_2_02B25908
Source: AnyDesk.exe, 00000000.00000002.3366823048.00000000005D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWo
Source: AnyDesk.exe, 00000000.00000002.3366823048.000000000058E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3366823048.00000000005D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\AnyDesk.exe API call chain: ExitProcess graph end node

Anti Debugging
barindex
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3F744 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent, 0_2_02B3F744
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\AnyDesk.exe Process queried: DebugPort Jump to behavior
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B3894C LoadLibraryW,GetProcAddress,FreeLibrary, 0_2_02B3894C
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA, 0_2_02B25ACC
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: GetLocaleInfoA, 0_2_02B2A7C4
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA, 0_2_02B25BD8
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: GetLocaleInfoA, 0_2_02B2A810
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B2920C GetLocalTime, 0_2_02B2920C
Source: C:\Users\user\Desktop\AnyDesk.exe Code function: 0_2_02B2B78C GetVersionExA, 0_2_02B2B78C
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1562860 Sample: AnyDesk.exe Startdate: 26/11/2024 Architecture: WINDOWS Score: 76 10 vandeytas.ru.com 2->10 14 Found malware configuration 2->14 16 Multi AV Scanner detection for submitted file 2->16 18 Yara detected DBatLoader 2->18 20 2 other signatures 2->20 6 AnyDesk.exe 2->6         started        signatures3 process4 dnsIp5 12 vandeytas.ru.com 50.7.187.218, 443, 49707, 49708 COGENT-174US United States 6->12 22 Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent) 6->22 signatures6
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
50.7.187.218
 vandeytas.ru.com United States
174 COGENT-174US true

Contacted Domains

Name IP Active
vandeytas.ru.com 50.7.187.218 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://vandeytas.ru.com/233_Hlvzmhuinff true
  • Avira URL Cloud: safe
 unknown