Edit tour

Windows Analysis Report
Microsoft.exe

Overview

General Information

Sample Name:	Microsoft.exe
Analysis ID:	697301
MD5:	64d3b02073aa813c69cf0ca52182fa37
SHA1:	f9aefd3d984cdb4866c110f08407f1989eff7fb6
SHA256:	1c702e234542e2bb53e45211cc3ae4426a5088de9510dae58a9ff8b7a65e294f
Infos:

Detection

Score:	57
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected unpacking (changes PE section rights)

Connects to many ports of the same IP (likely port scanning)

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to dynamically determine API calls

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Queries information about the installed CPU (vendor, model number etc)

PE file does not import any functions

Sample file is different than original file name gathered from version info

PE file contains strange resources

Detected TCP or UDP traffic on non-standard ports

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Classification

Process Tree

System is w10x64

Microsoft.exe (PID: 4668 cmdline: "C:\Users\user\Desktop\Microsoft.exe" MD5: 64D3B02073AA813C69CF0CA52182FA37)

Microsoft.exe (PID: 5908 cmdline: "C:\Users\user\Desktop\Microsoft.exe" --local-service MD5: 64D3B02073AA813C69CF0CA52182FA37)

Microsoft.exe (PID: 4656 cmdline: "C:\Users\user\Desktop\Microsoft.exe" --local-control MD5: 64D3B02073AA813C69CF0CA52182FA37)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: Microsoft.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 92.223.88.7:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.223.88.41:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.174.173:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.130.235:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.198.34.103:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.198.34.103:443 -> 192.168.2.3:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.174.173:443 -> 192.168.2.3:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.229.191.41:443 -> 192.168.2.3:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.130.236:443 -> 192.168.2.3:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.223.88.41:443 -> 192.168.2.3:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.223.88.41:443 -> 192.168.2.3:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.130.235:443 -> 192.168.2.3:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.130.236:443 -> 192.168.2.3:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.229.191.44:443 -> 192.168.2.3:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.174.173:443 -> 192.168.2.3:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.223.88.232:443 -> 192.168.2.3:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.174.173:443 -> 192.168.2.3:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.130.235:443 -> 192.168.2.3:49807 version: TLS 1.2

Source: Microsoft.exe

Static PE information: certificate valid

Source: Microsoft.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\dda-64\privacy_feature\privacy_feature.pdb source: Microsoft.exe, 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.654057802.00000000014B7000.00000004.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\dwm-32\win_dwm\win_dwm.pdb source: Microsoft.exe, 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.654057802.00000000014B7000.00000004.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb source: Microsoft.exe, 00000000.00000000.245284076.00000000015C7000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000001.00000002.654910385.00000000015C7000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\dwm-64\win_dwm\win_dwm.pdb source: Microsoft.exe, 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.654057802.00000000014B7000.00000004.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\dda-32\privacy_feature\privacy_feature.pdb source: Microsoft.exe, 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.654057802.00000000014B7000.00000004.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdbpK source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb source: Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: SAS.pdbR source: Microsoft.exe, 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.654057802.00000000014B7000.00000004.00000001.01000000.00000003.sdmp
Source:	Binary string: SAS.pdb source: Microsoft.exe, 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.654057802.00000000014B7000.00000004.00000001.01000000.00000003.sdmp

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 49.12.130.236 ports 443,5,6,8,6568,80

Source: Joe Sandbox View

JA3 fingerprint: 3f2fba0262b1a22b739126dfb2fe7a7d

Source: Joe Sandbox View	IP Address: 88.198.34.103 88.198.34.103
Source: Joe Sandbox View	IP Address: 92.223.88.232 92.223.88.232
Source: Joe Sandbox View	IP Address: 92.223.88.41 92.223.88.41

Source: global traffic	TCP traffic: 192.168.2.3:49727 -> 49.12.130.236:6568
Source: global traffic	TCP traffic: 192.168.2.3:49730 -> 185.229.191.44:6568
Source: global traffic	TCP traffic: 192.168.2.3:49733 -> 195.181.174.173:6568
Source: global traffic	TCP traffic: 192.168.2.3:49736 -> 88.198.34.103:6568
Source: global traffic	TCP traffic: 192.168.2.3:49756 -> 49.12.130.235:6568
Source: global traffic	TCP traffic: 192.168.2.3:49763 -> 185.229.191.41:6568
Source: global traffic	TCP traffic: 192.168.2.3:49779 -> 92.223.88.41:6568
Source: global traffic	TCP traffic: 192.168.2.3:49784 -> 92.223.88.232:6568

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251061342.0000000003355000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.251697979.0000000003395000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.fbook.href=https://www.facebook.com/sharer/sharer.php?u=http%3A//anydesk.com/ equals www.facebook.com (Facebook)
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.fbook.href=https://www.facebook.com/sharer/sharer.php?u=http%3A//anydesk.com/bg equals www.facebook.com (Facebook)
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.fbook.href=https://www.facebook.com/sharer/sharer.php?u=http%3A//anydesk.com/fi equals www.facebook.com (Facebook)
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.fbook.href=https://www.facebook.com/sharer/sharer.php?u=http%3A//anydesk.com/hr equals www.facebook.com (Facebook)
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.fbook.href=https://www.facebook.com/sharer/sharer.php?u=http%3A//anydesk.com/hu equals www.facebook.com (Facebook)
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.fbook.href=https://www.facebook.com/sharer/sharer.php?u=http%3A//anydesk.com/nl equals www.facebook.com (Facebook)
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.fbook.href=https://www.facebook.com/sharer/sharer.php?u=http%3A//anydesk.com/no equals www.facebook.com (Facebook)
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.fbook.href=https://www.facebook.com/sharer/sharer.php?u=http%3A//anydesk.com/ro equals www.facebook.com (Facebook)
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.fbook.href=https://www.facebook.com/sharer/sharer.php?u=http%3A//anydesk.com/ru equals www.facebook.com (Facebook)
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.fbook.href=https://www.facebook.com/sharer/sharer.php?u=http%3A//anydesk.com/tr equals www.facebook.com (Facebook)
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.fbook.href=https://www.facebook.com/sharer/sharer.php?u=http%3A//anydesk.com/uk equals www.facebook.com (Facebook)
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.fbook.href=https://www.facebook.com/sharer/sharer.php?u=http%3A//anydesk.de/ equals www.facebook.com (Facebook)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com&title=Prova%20AnyDesk&summary=AnyDesk%20%C3%A4r%20ett%20litet%20och%20snabbt%20program%20f%C3%B6r%20fj%C3%A4rrarbete.%20%20Ladda%20ned%20h%C3%A4r.&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com&title=Test%20AnyDesk&summary=AnyDesk%20er%20en%20lille%20og%20hurtig%20anvendelse%20til%20fjernarbejde.%20%20Download%20her%3A&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com&title=Vyzkou%C5%A1ejte%20AnyDesk&summary=AnyDesk%20je%20mal%C3%A1%20a%20rychl%C3%A1%20aplikace%20pro%20pr%C3%A1ci%20na%20d%C3%A1lku.%20%20St%C3%A1hnout%20zde%3A&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com&title=otestujte%20AnyDesk&summary=AnyDesk%20predstavuje%20mal%C3%BA%20a%20r%C3%BDchlu%20aplik%C3%A1ciu%20pre%20pr%C3%A1cu%20na%20dia%C4%BEku.%20%20Tu%20stiahnu%C5%A5%3A&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=%CE%94%CE%BF%CE%BA%CE%B9%CE%BC%CE%AC%CF%83%CF%84%CE%B5%20%CF%84%CE%BF%20AnyDesk&summary=%CE%A4%CE%BF%20AnyDesk%20%CE%B5%CE%AF%CE%BD%CE%B1%CE%B9%20%CE%BC%CE%B9%CE%B1%20%CE%BC%CE%B9%CE%BA%CF%81%CE%AE%20%CE%BA%CE%B1%CE%B9%20%CE%B3%CF%81%CE%AE%CE%B3%CE%BF%CF%81%CE%B7%20%CE%B5%CF%86%CE%B1%CF%81%CE%BC%CE%BF%CE%B3%CE%AE%20%CE%B1%CF%80%CE%BF%CE%BC%CE%B1%CE%BA%CF%81%CF%85%CF%83%CE%BC%CE%AD%CE%BD%CE%B7%CF%82%20%CE%B5%CF%81%CE%B3%CE%B1%CF%83%CE%AF%CE%B1%CF%82.%20%20%CE%9B%CE%AE%CF%88%CE%B7%20%CE%B1%CF%80%CF%8C%20%CE%B5%CE%B4%CF%8E.&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=%E6%B5%8B%E8%AF%95%20AnyDesk&summary=AnyDesk%20%E6%98%AF%E4%B8%80%E6%AC%BE%E7%94%A8%E4%BA%8E%E8%BF%9C%E7%A8%8B%E5%B7%A5%E4%BD%9C%E7%9A%84%E5%BA%94%E7%94%A8%E8%BD%AF%E4%BB%B6%EF%BC%8C%E5%B0%8F%E5%B7%A7%E4%B8%94%E5%8F%8D%E5%BA%94%E5%BF%AB%E9%80%9F%E3%80%82%E6%AD%A4%E5%A4%84%E4%B8%8B%E8%BD%BD%E3%80%82&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=%E8%A9%A6%E8%A9%A6%E7%9C%8B%20AnyDesk%20%E9%81%A0%E7%AB%AF%E6%A1%8C%E9%9D%A2&summary=AnyDesk%20%E6%98%AF%E5%80%8B%E5%B0%8F%E8%80%8C%E5%BF%AB%E9%80%9F%E7%9A%84%E8%9E%A2%E5%B9%95%E5%88%86%E4%BA%AB%E5%8F%8A%E9%81%A0%E7%AB%AF%E5%8D%94%E4%BD%9C%E8%A7%A3%E6%B1%BA%E6%96%B9%E6%A1%88%E3%80%82%E5%9C%A8%E6%AD%A4%E5%8F%96%E5%BE%97%3A%20http%3A%2F%2Fanydesk.com%2F&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=AnyDesk%20proberen&summary=AnyDesk%20is%20een%20kleine%20en%20snelle%20toepassing%20voor%20telewerken.%20%20Hier%20downloaden.&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=AnyDesk%E3%82%92%E3%81%8A%E8%A9%A6%E3%81%97%E3%81%8F%E3%81%A0%E3%81%95%E3%81%84&summary=AnyDesk%E3%81%AF%E3%82%B3%E3%83%B3%E3%83%91%E3%82%AF%E3%83%88%E3%81%8B%E3%81%A4%E9%AB%98%E9%80%9F%E3%81%AA%E9%81%A0%E9%9A%94%E6%93%8D%E4%BD%9C%E3%82%A2%E3%83%97%E3%83%AA%E3%82%B1%E3%83%BC%E3%82%B7%E3%83%A7%E3%83%B3%E3%81%A7%E3%81%99%E3%80%82%E3%81%93%E3%81%A1%E3%82%89%E3%81%8B%E3%82%89%E3%83%80%E3%82%A6%E3%83%B3%E3%83%AD%E3%83%BC%E3%83%89%E3%81%A7%E3%81%8D%E3%81%BE%E3%81%99%E3%80%82&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=AnyDesk'i%20deneyin&summary=AnyDesk,%20uzaktan%20%C3%A7al%C4%B1%C5%9Fma%20i%C3%A7in%20k%C3%BC%C3%A7%C3%BCk%20ve%20h%C4%B1zl%C4%B1%20bir%20uygulamad%C4%B1r.%20%20Buradan%20indirin.&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Essayez%20AnyDesk&summary=AnyDesk%20est%20une%20petite%20application%20rapide%20pour%20le%20travail%20%C3%A0%20distance.%20%20T%C3%A9l%C3%A9chargez%20ici%3A%0Ahttp%3A//anydesk.com/&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Experimente%20o%20AnyDesk&summary=AnyDesk%20%C3%A9%20uma%20aplica%C3%A7%C3%A3o%20pequena%20e%20r%C3%A1pida%20para%20o%20trabalho%20remoto.%20%20Descarregue%20aqui.&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Prova%20AnyDesk&summary=AnyDesk%20%C3%A8%20un'applicazione%20semplice%20e%20veloce%20per%20il%20lavoro%20a%20distanza.%20%20Scarica%20qui.&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Pruebe%20AnyDesk&summary=AnyDesk%20es%20una%20aplicaci%C3%B3n%20peque%C3%B1a%20y%20r%C3%A1pida%20para%20el%20trabajo%20remoto.%20%20Descargar%20aqu%C3%AD.&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Przetestuj%20AnyDesk&summary=AnyDesk%20jest%20niewielk%C4%85%20i%20szybk%C4%85%20aplikacj%C4%85%20przeznaczon%C4%85%20do%20pracy%20zdalnej.%20%20Pobierz%20tutaj.&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Testar%20o%20AnyDesk&summary=AnyDesk%20%C3%A9%20um%20aplicativo%20pequeno%20e%20r%C3%A1pido%20para%20o%20trabalho%20remoto.%20%20Download%20aqui.&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Try%20AnyDesk%20Remote%20Desktop&summary=AnyDesk%20is%20a%20small%20and%20quick%20solution%20for%20screen%20sharing%20and%20remote%20collaboration.%20Get%20it%20here%3A%20http%3A//anydesk.com/&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/bg&title=%D0%9F%D1%80%D0%BE%D0%B1%D0%B2%D0%B0%D0%B9%D1%82%D0%B5%20AnyDesk&summary=AnyDesk%20%D0%B5%20%D0%BC%D0%B0%D0%BB%D0%BA%D0%BE%20%D0%B8%20%D0%B1%D1%8A%D1%80%D0%B7%D0%BE%20%D0%BF%D1%80%D0%B8%D0%BB%D0%BE%D0%B6%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B7%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%B0%20%D0%BE%D1%82%20%D1%80%D0%B0%D0%B7%D1%81%D1%82%D0%BE%D1%8F%D0%BD%D0%B8%D0%B5.%20%20%D0%9C%D0%BE%D0%BB%D1%8F%20%D0%B8%D0%B7%D1%82%D0%B5%D0%B3%D0%BB%D0%B5%D1%82%D0%B5%20%D1%82%D1%83%D0%BA%3A&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/fi&title=Testaa%20AnyDeski%C3%A4&summary=AnyDesk%20on%20pieni%20ja%20nopea%20sovellus%20et%C3%A4ty%C3%B6skentelyyn.%20%20Lataa%20t%C3%A4%C3%A4lt%C3%A4%3A&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/hr&title=Testaa%20AnyDeski%C3%A4&summary=AnyDesk%20je%20mala%20i%20brza%20aplikacija%20za%20rad%20na%20daljinu.%20%20Preuzimanje%3A&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/hu&title=Tesztelje%20az%20AnyDesk%20programot&summary=Az%20AnyDesk%20egy%20kis%20m%C3%A9ret%C5%B1,%20gyors%20alkalmaz%C3%A1s%20t%C3%A1vmunk%C3%A1hoz.%20%20Itt%20t%C3%B6ltheti%20le.&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/no&title=Pr%C3%B8v%20AnyDesk&summary=AnyDesk%20en%20en%20liten,%20rask%20applikasjon%20for%20arbeid%20over%20avstander.%20%20Last%20ned%20her%3A&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/ro&title=Testa%C8%9Bi%20AnyDesk&summary=AnyDesk%20este%20o%20aplica%C8%9Bie%20mic%C4%83%20%C8%99i%20rapid%C4%83%20pentru%20lucrul%20de%20la%20distan%C8%9B%C4%83.%20%20Desc%C4%83rca%C8%9Bi%20aici%3A&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/ru&title=%D0%98%D1%81%D0%BF%D1%8B%D1%82%D0%B0%D0%B9%D1%82%D0%B5%20AnyDesk&summary=AnyDesk%20-%20%D1%8D%D1%82%D0%BE%20%D0%BD%D0%B5%D0%B1%D0%BE%D0%BB%D1%8C%D1%88%D0%BE%D0%B5%20%D0%B8%20%D0%B1%D1%8B%D1%81%D1%82%D1%80%D0%BE%D0%B5%20%D0%BF%D1%80%D0%B8%D0%BB%D0%BE%D0%B6%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B4%D0%BB%D1%8F%20%D1%83%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%BD%D0%BE%D0%B9%20%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D1%8B.%20%20%D0%97%D0%B0%D0%B3%D1%80%D1%83%D0%B7%D0%B8%D1%82%D1%8C%20%D0%B7%D0%B4%D0%B5%D1%81%D1%8C%3A&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/uk&title=%D0%92%D0%B8%D0%BF%D1%80%D0%BE%D0%B1%D1%83%D0%B9%D1%82%D0%B5%20AnyDesk&summary=AnyDesk%20-%20%D1%86%D0%B5%20%D0%BC%D0%B0%D0%BB%D0%B5%D0%BD%D1%8C%D0%BA%D0%B8%D0%B9%20%D1%82%D0%B0%20%D1%88%D0%B2%D0%B8%D0%B4%D0%BA%D0%B8%D0%B9%20%D0%B7%D0%B0%D1%81%D1%96%D0%B1%20%D0%B4%D0%BB%D1%8F%20%D0%B2%D1%96%D0%B4%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%BE%D1%97%20%D0%BF%D1%80%D0%B0%D1%86%D1%96.%20%20%D0%97%D0%B0%D0%B2%D0%B0%D0%BD%D1%82%D0%B0%D0%B6%D0%B8%D1%82%D0%B8%20%D1%82%D1%83%D1%82.&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: ad.share.linkedin.href=https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.de/&title=Testen%20Sie%20AnyDesk&summary=AnyDesk%20ist%20eine%20kleine%20und%20schnelle%20Anwendung%20zur%20Fernarbeit.%0AHier%20herunterladen%3A%20http%3A//anydesk.de/&source= equals www.linkedin.com (Linkedin)
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/sharer/sharer.php?u=http%3A//anydesk.com/ equals www.facebook.com (Facebook)
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Try%20AnyDesk%20Remote%20Desktop&summary=AnyDesk%20is%20a%20small%20and%20quick%20solution%20for%20screen%20sharing%20and%20remote%20collaboration.%20Get%20it%20here%3A%20http%3A//anydesk.com/&source= equals www.linkedin.com (Linkedin)

Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://anydesk.com
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://anydesk.com/
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://anydesk.de/
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://anydesk.de/bestellen
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://anydesk.de/update
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://help.anydesk.com/
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://help.anydesk.com/HelpLinkInstallLocationphilandro
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251061342.0000000003355000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.251697979.0000000003395000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.646806385.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://help.anydesk.com/access
Source: Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251313830.00000000033D3000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251531277.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://help.anydesk.com/access5
Source: Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://help.anydesk.com/accessyI
Source: Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://help.anydesk.com/backup-alias
Source: Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://help.anydesk.com/share
Source: Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251313830.00000000033D3000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251531277.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://help.anydesk.com/share.u
Source: Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://help.anydesk.com/sharer
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://help.anydesk.de/
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://help.anydesk.de/access
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://help.anydesk.de/backup-alias
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://help.anydesk.de/share
Source: Microsoft.exe, 00000000.00000002.660047466.0000000003D90000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.252071679.0000000003D91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ns.ado/1N
Source: Microsoft.exe, 00000000.00000002.660047466.0000000003D90000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.252071679.0000000003D91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ns.adobe.c/gN
Source: Microsoft.exe, 00000000.00000002.660047466.0000000003D90000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.252071679.0000000003D91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ns.adobe.cobjN
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://support.anydesk.com
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251061342.0000000003355000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.251697979.0000000003395000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://support.anydesk.com/
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://support.anydesk.com/E
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://support.anydesk.comSoftware
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://support.anydesk.de/
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.anydesk.com/
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.anydesk.de/agb
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.opengl.org/registry/
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.openssl.org/)
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.htmlEC_PRIVATEKEYpublicKeyparametersprivateKeyECPKPARAMETERSvalue
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://anydesk.com
Source: Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://anydesk.com/
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://anydesk.com/order
Source: Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/order)H
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/order0k
Source: Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/order;
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/orderB
Source: Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251345389.00000000033C5000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251487795.00000000033CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/orderRR
Source: Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251345389.00000000033C5000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251487795.00000000033CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/ordern
Source: Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/orderv
Source: Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://anydesk.com/privacy
Source: Microsoft.exe, 00000000.00000003.251061342.0000000003355000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.251697979.0000000003395000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://anydesk.com/terms
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/termss
Source: Microsoft.exe, 00000000.00000003.251061342.0000000003355000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.251697979.0000000003395000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://anydesk.com/update
Source: Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/update%J
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/updateB
Source: Microsoft.exe, 00000000.00000003.251733647.0000000003349000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.com/updatei
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anydesk.comrld
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://datatracker.ietf.org/ipr/1524/
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://datatracker.ietf.org/ipr/1526/
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://datatracker.ietf.org/ipr/1914/
Source: Microsoft.exe, 00000000.00000003.251061342.0000000003355000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.251697979.0000000003395000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/access
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/backup-alias
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/bg/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/bg/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/cs/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/cs/android
Source: Microsoft.exe, 00000000.00000003.251061342.0000000003355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://help.anydesk.com/d
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/da/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/da/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/de/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/de/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/el/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/el/android
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251061342.0000000003355000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.251697979.0000000003395000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/en/abuse
Source: Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251313830.00000000033D3000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251531277.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://help.anydesk.com/en/abuseUb
Source: Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251772966.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/en/android
Source: Microsoft.exe, 00000000.00000003.251313830.00000000033D3000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://help.anydesk.com/en/androidu.
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/error-messages
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/error-messagesclosedad.status.appad.tooblarad.ctrl.traysession_count
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/es/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/es/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/et/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/et/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/fi/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/fi/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/fr/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/fr/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/hr/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/hr/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/hu/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/hu/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/it/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/ja/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/ja/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/ko/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/ko/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/nl/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/nl/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/no/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/no/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/pl/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/pl/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/pt-br/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/pt-br/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/pt/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/pt/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/ro/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/ro/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/ru/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/ru/android
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://help.anydesk.com/s
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/share
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/sk/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/sk/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/sv/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/sv/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/tr/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/tr/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/uk/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/uk/android
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/wol
Source: Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://help.anydesk.com/wol_E
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/wolmodemode.offmode.off_wake_othersmode.on_automode.on_manualmode.on_manual
Source: Microsoft.exe, 00000000.00000003.251733647.0000000003349000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.anydesk.com/wolon
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://help.anydesk.com/wolrs
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/zh-cl/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/zh-cl/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/zh/abuse
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://help.anydesk.com/zh/android
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://my.anydesk.com
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://my.anydesk.companel.currentremove.titlechange.titlemy.anydesk.companel.registerremove.msgad.
Source: Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://order.anydesk.com/trial
Source: Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251345389.00000000033C5000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251487795.00000000033CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://order.anydesk.com/trialPl?V
Source: Microsoft.exe, 00000000.00000003.251733647.0000000003349000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://order.anydesk.com/trialYQ
Source: Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251061342.0000000003355000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.251697979.0000000003395000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251050198.0000000003443000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251450206.0000000003445000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://plus.google.com/share?url=http%3A//anydesk.com/
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://plus.google.com/share?url=http%3A//anydesk.com/bg
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://plus.google.com/share?url=http%3A//anydesk.com/fi
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://plus.google.com/share?url=http%3A//anydesk.com/hr
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://plus.google.com/share?url=http%3A//anydesk.com/hu
Source: Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plus.google.com/share?url=http%3A//anydesk.com/j
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://plus.google.com/share?url=http%3A//anydesk.com/nl
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://plus.google.com/share?url=http%3A//anydesk.com/no
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://plus.google.com/share?url=http%3A//anydesk.com/ro
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://plus.google.com/share?url=http%3A//anydesk.com/ru
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://plus.google.com/share?url=http%3A//anydesk.com/tr
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://plus.google.com/share?url=http%3A//anydesk.com/uk
Source: Microsoft.exe, 00000000.00000003.251194992.0000000003352000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plus.google.com/share?url=http%3A//anydesk.com/wic
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://plus.google.com/share?url=http%3A//anydesk.de/
Source: Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=bg
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=cs
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=da
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=de
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=el
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=es
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=fi
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=fr
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=hu
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=it
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=ja
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=ko
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=nl
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=no
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=pl
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=pt
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=pt-br
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=ro
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=ru
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=sv
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=tr
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=uk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=zh
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://policies.google.com/privacy?hl=zh-tw
Source: Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/privacyyi
Source: Microsoft.exe, 00000001.00000002.658993384.0000000003866000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://relay.anydesk.com
Source: Microsoft.exe, 00000001.00000002.658993384.0000000003866000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://relay.anydesk.com/
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://relay.anydesk.comWPADhttps=https:http=http:
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.anydesk.com/
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=%C2%BFConoce%20%23AnyDesk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=%CE%93%CE%BD%CF%89%CF%81%CE%AF%CE%B6%CE%B5%CF%84%CE%B5%20%CF%84%CE%B
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=%D0%92%D1%8B%20%D1%81%D0%BB%D1%8B%D1%88%D0%B0%D0%BB%D0%B8%20%D0%BE%D
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=%D0%9F%D0%BE%D0%B7%D0%BD%D0%B0%D0%B2%D0%B0%D1%82%D0%B5%20%D0%BB%D0%B
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=%D0%A7%D0%B8%20%D0%B7%D0%BD%D0%B0%D0%B9%D0%BE%D0%BC%D1%96%20%D0%92%D
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=%E4%B8%96%E7%95%8C%E6%9C%80%E9%80%9F%E3%81%AE%E9%81%A0%E9%9A%94%E6%9
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=%E6%82%A8%E7%9F%A5%E9%81%93%20%23AnyDesk%20%E5%97%8E%3F%20AnyDesk%20
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=%E6%82%A8%E7%9F%A5%E9%81%93%E4%B8%96%E7%95%8C%E4%B8%8A%E6%9C%80%E5%B
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Conhece%20o%20%23AnyDesk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Connaissez-vous%20%23AnyDesk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Conosci%20%23AnyDesk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Cunoa%C8%99te%C8%9Bi%20%23AnyDesk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Czy%20znasz%20%23AnyDesk%20%E2%80%93%20najszybsz%C4%85%20na%20%C5%9B
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=D%C3%BCnyan%C4%B1n%20en%20h%C4%B1zl%C4%B1%20uzaktan%20bak%C4%B1m%20u
Source: Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Do%20you%20know%20%23AnyDesk?%20AnyDesk%20is%20a%20small%20and%20qui
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Ich%20benutze%20%23AnyDesk.%20Hier%20herunterladen%3A%20http%3A//any
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Ismeri%20%C3%96n%20az%20%23AnyDesk%20programot
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=K%C3%A4nner%20du%20till%20%23AnyDesk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Kender%20du%20%23AnyDesk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Kent%20u%20%23AnyDesk%20de%20snelste%20toepassing%20ter%20wereld%20v
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Kjenner%20du%20til%20%23AnyDesk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Onko%20%23AnyDesk%20tuttu?%20Maailman%20nopein%20et%C3%A4huoltosovel
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Pozn%C3%A1te%20%23AnyDesk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Poznajete%20li%20%23AnyDesk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Voc%C3%AA%20conhece%20o%20%23AnyDesk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://twitter.com/home?status=Zn%C3%A1te%20%23AnyDesk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.anydesk.com
Source: Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.anydesk.com/
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251061342.0000000003355000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.251697979.0000000003395000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251050198.0000000003443000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251450206.0000000003445000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html%s
Source: Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlI
Source: Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlT
Source: Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlTs9
Source: Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251345389.00000000033C5000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251487795.00000000033CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlte
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/bg/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/cs/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/da/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/de/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/el/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/es/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/fi/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/fr/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/hu/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/it/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/ja/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/ko/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/nl/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/no/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/pl/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/pt-br/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/pt/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/ro/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/ru/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/sv/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/tr/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/uk/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/zh-tw/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/intl/zh/chrome/privacy/eula_text.html
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com&title=Prova%20AnyDesk&summa
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com&title=Test%20AnyDesk&summar
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com&title=Vyzkou%C5%A1ejte%20An
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com&title=otestujte%20AnyDesk&s
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=%CE%94%CE%BF%CE%BA%C
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=%E6%B5%8B%E8%AF%95%2
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=%E8%A9%A6%E8%A9%A6%E
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=AnyDesk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=AnyDesk%20proberen&s
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=AnyDesk%E3%82%92%E3%
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Essayez%20AnyDesk&su
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Experimente%20o%20An
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Prova%20AnyDesk&summ
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Pruebe%20AnyDesk&sum
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Przetestuj%20AnyDesk
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Testar%20o%20AnyDesk
Source: Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Try%20AnyDesk%20Remo
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/bg&title=%D0%9F%D1%80%D0%BE
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/fi&title=Testaa%20AnyDeski%
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/hr&title=Testaa%20AnyDeski%
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/hu&title=Tesztelje%20az%20A
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/no&title=Pr%C3%B8v%20AnyDes
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/ro&title=Testa%C8%9Bi%20Any
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/ru&title=%D0%98%D1%81%D0%BF
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/uk&title=%D0%92%D0%B8%D0%BF
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.de/&title=Testen%20Sie%20AnyDes
Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.nayuki.io/page/qr-code-generator-library

Source: unknown

DNS traffic detected: queries for: boot-01.net.anydesk.com

Source: unknown	HTTPS traffic detected: 92.223.88.7:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.223.88.41:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.174.173:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.130.235:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.198.34.103:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.198.34.103:443 -> 192.168.2.3:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.174.173:443 -> 192.168.2.3:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.229.191.41:443 -> 192.168.2.3:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.130.236:443 -> 192.168.2.3:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.223.88.41:443 -> 192.168.2.3:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.223.88.41:443 -> 192.168.2.3:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.130.235:443 -> 192.168.2.3:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.130.236:443 -> 192.168.2.3:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.229.191.44:443 -> 192.168.2.3:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.174.173:443 -> 192.168.2.3:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.223.88.232:443 -> 192.168.2.3:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.174.173:443 -> 192.168.2.3:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.130.235:443 -> 192.168.2.3:49807 version: TLS 1.2

Source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: DirectDrawCreateEx

Source: Microsoft.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\Microsoft.exe

Code function: 0_2_00B82DFD

0_2_00B82DFD

Source: Microsoft.exe

Static PE information: No import functions for PE file found

Source: Microsoft.exe, 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesas.dllj% vs Microsoft.exe
Source: Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesas.dllj% vs Microsoft.exe
Source: Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesas.dllj% vs Microsoft.exe
Source: Microsoft.exe, 00000001.00000002.654057802.00000000014B7000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesas.dllj% vs Microsoft.exe

Source: Microsoft.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: Microsoft.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Microsoft.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Microsoft.exe "C:\Users\user\Desktop\Microsoft.exe"
Source: C:\Users\user\Desktop\Microsoft.exe	Process created: C:\Users\user\Desktop\Microsoft.exe "C:\Users\user\Desktop\Microsoft.exe" --local-service
Source: C:\Users\user\Desktop\Microsoft.exe	Process created: C:\Users\user\Desktop\Microsoft.exe "C:\Users\user\Desktop\Microsoft.exe" --local-control
Source: C:\Users\user\Desktop\Microsoft.exe	Process created: C:\Users\user\Desktop\Microsoft.exe "C:\Users\user\Desktop\Microsoft.exe" --local-service	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Process created: C:\Users\user\Desktop\Microsoft.exe "C:\Users\user\Desktop\Microsoft.exe" --local-control	Jump to behavior

Source: C:\Users\user\Desktop\Microsoft.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2155fee3-2419-4373-b102-6843707eb41f}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Microsoft.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor

Source: C:\Users\user\Desktop\Microsoft.exe

File created: C:\Users\user\AppData\Roaming\AnyDesk

Jump to behavior

Source: classification engine

Classification label: mal57.troj.evad.winEXE@5/5@54/11

Source: C:\Users\user\Desktop\Microsoft.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Microsoft.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_4668_587360404_0_mtx
Source: C:\Users\user\Desktop\Microsoft.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_4656_645436074_0_mtx
Source: C:\Users\user\Desktop\Microsoft.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_4668_587360404_1_mtx
Source: C:\Users\user\Desktop\Microsoft.exe	Mutant created: \Sessions\1\BaseNamedObjects\Session\1\ad_connect_queue_5908_638008739_mtx
Source: C:\Users\user\Desktop\Microsoft.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_623_lsystem_mtx
Source: C:\Users\user\Desktop\Microsoft.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_mailbox_4656_645436074_1_mtx
Source: C:\Users\user\Desktop\Microsoft.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ad_trace_mtx

Source: C:\Users\user\Desktop\Microsoft.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: C:\Users\user\Desktop\Microsoft.exe

Window found: window name: SysTabControl32

Jump to behavior

Source: Microsoft.exe

Static file information: File size 3743464 > 1048576

Source: Microsoft.exe

Static PE information: certificate valid

Source: Microsoft.exe

Static PE information: Raw size of .data is bigger than: 0x100000 < 0x388000

Source: Microsoft.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: Microsoft.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\dda-64\privacy_feature\privacy_feature.pdb source: Microsoft.exe, 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.654057802.00000000014B7000.00000004.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\dwm-32\win_dwm\win_dwm.pdb source: Microsoft.exe, 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.654057802.00000000014B7000.00000004.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_loader\AnyDesk.pdb source: Microsoft.exe, 00000000.00000000.245284076.00000000015C7000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000001.00000002.654910385.00000000015C7000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\dwm-64\win_dwm\win_dwm.pdb source: Microsoft.exe, 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.654057802.00000000014B7000.00000004.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\dda-32\privacy_feature\privacy_feature.pdb source: Microsoft.exe, 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.654057802.00000000014B7000.00000004.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdbpK source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb source: Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Buildbot\ad-windows-32\build\release\app-32\win_app\win_app.pdb source: Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: SAS.pdbR source: Microsoft.exe, 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.654057802.00000000014B7000.00000004.00000001.01000000.00000003.sdmp
Source:	Binary string: SAS.pdb source: Microsoft.exe, 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.654057802.00000000014B7000.00000004.00000001.01000000.00000003.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\Microsoft.exe	Unpacked PE file: 0.2.Microsoft.exe.b80000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\Desktop\Microsoft.exe	Unpacked PE file: 1.2.Microsoft.exe.b80000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\Desktop\Microsoft.exe	Unpacked PE file: 2.2.Microsoft.exe.b80000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;

Source: C:\Users\user\Desktop\Microsoft.exe

Code function: 0_2_01012FF5 push ecx; ret

0_2_01013008

Source: C:\Users\user\Desktop\Microsoft.exe

Code function: 0_2_01022417 LoadLibraryW,GetProcAddress,GetProcAddress,RtlEncodePointer,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,

0_2_01022417

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\Desktop\Microsoft.exe

File opened: C:\Users\user\Desktop\Microsoft.exe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\Desktop\Microsoft.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Users\user\Desktop\Microsoft.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_PhysicalMemory

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Microsoft.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_PhysicalMemory

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Microsoft.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Microsoft.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT MACAddress FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Microsoft.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BaseBoard

Source: C:\Users\user\Desktop\Microsoft.exe TID: 5244	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe TID: 5832	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe TID: 5244	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe TID: 5876	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe TID: 5340	Thread sleep time: -90000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe TID: 5700	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe TID: 648	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe TID: 5812	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe TID: 3332	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe TID: 648	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Desktop\Microsoft.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor

Source: C:\Users\user\Desktop\Microsoft.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Desktop\Microsoft.exe

Code function: 0_2_0101B429 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_0101B429

Source: C:\Users\user\Desktop\Microsoft.exe

0_2_01022417

Source: C:\Users\user\Desktop\Microsoft.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\Microsoft.exe	Code function: 0_2_0101B429 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_0101B429
Source: C:\Users\user\Desktop\Microsoft.exe	Code function: 0_2_01011A7D _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_01011A7D

Source: C:\Users\user\Desktop\Microsoft.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\Microsoft.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\Microsoft.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\Microsoft.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\Microsoft.exe

Code function: 0_2_00F36480 _vswprintf_s,WaitForSingleObject,OutputDebugStringA,GetSystemTime,TlsGetValue,__itow,GetCurrentThreadId,GetCurrentProcessId,__snprintf,SetFilePointer,SetFilePointer,ReadFile,_memmove,SetFilePointer,WriteFile,SetFilePointer,SetEndOfFile,WriteFile,RtlEnterCriticalSection,RaiseException,

0_2_00F36480

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	511 Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	1 Input Capture	1 System Time Discovery	Remote Services	1 Input Capture	Exfiltration Over Other Network Medium	12 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	1 Native API	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	42 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	Exfiltration Over Bluetooth	1 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	331 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Process Injection	NTDS	331 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Scheduled Transfer	2 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Hidden Files and Directories	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Obfuscated Files or Information	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Software Packing	DCSync	224 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Link
Microsoft.exe	0%	Virustotal	Browse
Microsoft.exe	0%	ReversingLabs
Microsoft.exe	3%	Metadefender	Browse

Source	Detection	Scanner	Label
http://ns.adobe.cobjN	0%	Avira URL Cloud	safe
http://ns.ado/1N	0%	Avira URL Cloud	safe
http://support.anydesk.comSoftware	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
boot-02.net.anydesk.com	92.223.88.41	true	false		high
boot-01.net.anydesk.com	92.223.88.7	true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com/chrome/privacy/eula_text.htmlT	Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	false		high
https://plus.google.com/share?url=http%3A//anydesk.com/uk	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.google.com/intl/da/chrome/privacy/eula_text.html	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/en/android	Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251772966.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://relay.anydesk.com/	Microsoft.exe, 00000001.00000002.658993384.0000000003866000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/intl/zh-tw/chrome/privacy/eula_text.html	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://anydesk.com/update	Microsoft.exe, 00000000.00000003.251061342.0000000003355000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.251697979.0000000003395000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://policies.google.com/privacy?hl=pt	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/ru/android	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://policies.google.com/privacy?hl=pl	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/error-messagesclosedad.status.appad.tooblarad.ctrl.traysession_count	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/nl/android	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
http://ns.adobe.cobjN	Microsoft.exe, 00000000.00000002.660047466.0000000003D90000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.252071679.0000000003D91000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://anydesk.com/order;	Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	false		high
https://help.anydesk.com/pt/abuse	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.google.com/intl/pt-br/chrome/privacy/eula_text.html	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/no&title=Pr%C3%B8v%20AnyDes	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://anydesk.com/orderB	Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	false		high
https://datatracker.ietf.org/ipr/1526/	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
http://anydesk.de/bestellen	Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/android	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com&title=Vyzkou%C5%A1ejte%20An	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.google.com/intl/fi/chrome/privacy/eula_text.html	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://twitter.com/home?status=%D0%A7%D0%B8%20%D0%B7%D0%BD%D0%B0%D0%B9%D0%BE%D0%BC%D1%96%20%D0%92%D	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/sk/abuse	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
http://support.anydesk.de/	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://plus.google.com/share?url=http%3A//anydesk.com/fi	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
http://help.anydesk.de/share	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/uk/abuse	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.google.com/intl/it/chrome/privacy/eula_text.html	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.google.com/intl/ja/chrome/privacy/eula_text.html	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.google.com/chrome/privacy/eula_text.htmlI	Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	false		high
https://help.anydesk.com/	Microsoft.exe, 00000000.00000003.251061342.0000000003355000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.251697979.0000000003395000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://anydesk.com/ordern	Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251345389.00000000033C5000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251487795.00000000033CC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://policies.google.com/privacy?hl=bg	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.google.com/intl/pt/chrome/privacy/eula_text.html	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
http://help.anydesk.com/share	Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/error-messages	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://policies.google.com/privacy?hl=ru	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://anydesk.com/orderv	Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp	false		high
https://help.anydesk.com/wol	Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
http://support.anydesk.com/	Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251061342.0000000003355000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.251697979.0000000003395000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.de/&title=Testen%20Sie%20AnyDes	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/ko/android	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/es/android	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://policies.google.com/privacy?hl=ro	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=%CE%94%CE%BF%CE%BA%C	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.google.com/intl/tr/chrome/privacy/eula_text.html	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/uk&title=%D0%92%D0%B8%D0%BF	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.google.com/chrome/privacy/eula_text.htmlte	Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251345389.00000000033C5000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251487795.00000000033CC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://help.anydesk.com/share.u	Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251313830.00000000033D3000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251531277.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anydesk.de/	Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/bg&title=%D0%9F%D1%80%D0%BE	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://twitter.com/home?status=Poznajete%20li%20%23AnyDesk	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
http://support.anydesk.com	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.google.com/intl/hu/chrome/privacy/eula_text.html	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://policies.google.com/privacy?hl=cs	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://policies.google.com/privacy?hl=sv	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/ro/android	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://twitter.com/home?status=Onko%20%23AnyDesk%20tuttu?%20Maailman%20nopein%20et%C3%A4huoltosovel	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://datatracker.ietf.org/ipr/1524/	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/zh-cl/abuse	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Przetestuj%20AnyDesk	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://policies.google.com/privacy	Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/fr/android	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://policies.google.com/privacy?hl=pt-br	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.google.com/intl/uk/chrome/privacy/eula_text.html	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/&title=Essayez%20AnyDesk&su	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.openssl.org/)	Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/cs/android	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://plus.google.com/share?url=http%3A//anydesk.com/tr	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/hu/abuse	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
http://help.anydesk.com/backup-alias	Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250415878.0000000003352000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250235689.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251745537.000000000336A000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250370493.00000000033CF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/wolmodemode.offmode.off_wake_othersmode.on_automode.on_manualmode.on_manual	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://support.anydesk.com/	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/ro&title=Testa%C8%9Bi%20Any	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
http://anydesk.com	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/el/android	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://plus.google.com/share?url=http%3A//anydesk.com/hr	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://plus.google.com/share?url=http%3A//anydesk.com/hu	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://anydesk.com/updatei	Microsoft.exe, 00000000.00000003.251733647.0000000003349000.00000004.00000020.00020000.00000000.sdmp	false		high
https://my.anydesk.com	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
http://ns.ado/1N	Microsoft.exe, 00000000.00000002.660047466.0000000003D90000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.252071679.0000000003D91000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.linkedin.com/shareArticle?mini=true&url=http%3A//anydesk.com/hu&title=Tesztelje%20az%20A	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.openssl.org/support/faq.html	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://twitter.com/home?status=%E6%82%A8%E7%9F%A5%E9%81%93%20%23AnyDesk%20%E5%97%8E%3F%20AnyDesk%20	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/de/android	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://twitter.com/home?status=Zn%C3%A1te%20%23AnyDesk	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
http://support.anydesk.com/E	Microsoft.exe, 00000000.00000003.251553231.00000000033DF000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000002.658922352.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251246297.00000000033DC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://help.anydesk.com/bg/android	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://twitter.com/home?status=%D0%92%D1%8B%20%D1%81%D0%BB%D1%8B%D1%88%D0%B0%D0%BB%D0%B8%20%D0%BE%D	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.google.com/chrome/privacy/eula_text.html%s	Microsoft.exe, 00000000.00000003.250707449.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251050198.0000000003443000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000000.00000003.251450206.0000000003445000.00000004.00000800.00020000.00000000.sdmp	false		high
https://twitter.com/home?status=Kender%20du%20%23AnyDesk	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://twitter.com/home?status=%D0%9F%D0%BE%D0%B7%D0%BD%D0%B0%D0%B2%D0%B0%D1%82%D0%B5%20%D0%BB%D0%B	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.anydesk.com/	Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/hr/android	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
http://support.anydesk.comSoftware	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://twitter.com/home?status=Kent%20u%20%23AnyDesk%20de%20snelste%20toepassing%20ter%20wereld%20v	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://twitter.com/home?status=K%C3%A4nner%20du%20till%20%23AnyDesk	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high
https://help.anydesk.com/ro/abuse	Microsoft.exe, 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmp, Microsoft.exe, 00000000.00000003.247147351.0000000001961000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000003.257615156.000000000196E000.00000004.00000800.00020000.00000000.sdmp, Microsoft.exe, 00000001.00000002.650565930.0000000001098000.00000002.00000001.01000000.00000003.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
88.198.34.103	unknown	Germany	24940	HETZNER-ASDE	false
185.229.191.44	unknown	Czech Republic	60068	CDN77GB	false
92.223.88.7	boot-01.net.anydesk.com	Austria	199524	GCOREAT	false
92.223.88.232	unknown	Austria	199524	GCOREAT	false
92.223.88.41	boot-02.net.anydesk.com	Austria	199524	GCOREAT	false
49.12.130.235	unknown	Germany	24940	HETZNER-ASDE	false
49.12.130.236	unknown	Germany	24940	HETZNER-ASDE	true
195.181.174.173	unknown	United Kingdom	60068	CDN77GB	false
213.239.213.142	unknown	Germany	24940	HETZNER-ASDE	false
185.229.191.41	unknown	Czech Republic	60068	CDN77GB	false
195.181.174.167	unknown	United Kingdom	60068	CDN77GB	false

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	697301
Start date and time:	2022-09-04 22:11:54 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Microsoft.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	30
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal57.troj.evad.winEXE@5/5@54/11
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Adjust boot time Enable AMSI Sleeps bigger than 300000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, eudb.ris.api.iris.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
Execution Graph export aborted for target Microsoft.exe, PID 5908 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Link
88.198.34.103	AnyDesk.exe	Get hash	malicious	Browse
	AnyDesk.exe	Get hash	malicious	Browse
	AnyDesk.exe	Get hash	malicious	Browse
	AnyDeskUninst5265.exe	Get hash	malicious	Browse
	Vostel-Anydesk.EXE	Get hash	malicious	Browse
	AnyDesk_ETS_WIN.exe	Get hash	malicious	Browse
	AnyDesk.exe	Get hash	malicious	Browse
	AnyDesk.exe	Get hash	malicious	Browse
185.229.191.44	http://anydesk.com	Get hash	malicious	Browse
185.229.191.44	https://ms94.yolasite.com/	Get hash	malicious	Browse
92.223.88.7	AnyDesk.exe	Get hash	malicious	Browse
	AnyDesk (1).exe	Get hash	malicious	Browse
	AnyDesk.exe	Get hash	malicious	Browse
	AnyDesk.exe	Get hash	malicious	Browse
92.223.88.232	AnyDesk (4).exe	Get hash	malicious	Browse
	AnyDesk.exe	Get hash	malicious	Browse
	AnyDesk (1).exe	Get hash	malicious	Browse
	AnyDeskUninst5265.exe	Get hash	malicious	Browse
	Vostel-Anydesk.EXE	Get hash	malicious	Browse
	AnyDesk.exe	Get hash	malicious	Browse
	AnyDesk_ETS_WIN.exe	Get hash	malicious	Browse
	nqG4It8G4V.exe	Get hash	malicious	Browse
92.223.88.41	AnyDesk.exe	Get hash	malicious	Browse
	1.msi	Get hash	malicious	Browse
	sJ9Q8UWMAX.exe	Get hash	malicious	Browse
	AnyDesk (5).exe	Get hash	malicious	Browse
	AnyDesk (4).exe	Get hash	malicious	Browse
	AnyDesk.exe	Get hash	malicious	Browse
	AnyDesk (1).exe	Get hash	malicious	Browse
	Vostel-Anydesk.EXE	Get hash	malicious	Browse
	AnyDesk.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
boot-01.net.anydesk.com	Microsoft.exe	Get hash	malicious	Browse	185.229.191.39
	AnyDesk.exe	Get hash	malicious	Browse	88.198.34.103
	AnyDesk (1).exe	Get hash	malicious	Browse	195.181.174.174
	Vostel-Anydesk.EXE	Get hash	malicious	Browse	88.198.34.103
	AnyDesk.exe	Get hash	malicious	Browse	49.12.130.235
	AnyDesk.exe	Get hash	malicious	Browse	92.223.88.232
	AnyDesk_ETS_WIN.exe	Get hash	malicious	Browse	88.198.34.103
	YfbB61z87a.exe	Get hash	malicious	Browse	78.138.106.22
	AnyDesk.exe	Get hash	malicious	Browse	178.162.151.213
	AnyDesk.exe	Get hash	malicious	Browse	88.198.34.103
	AnyDesk.exe	Get hash	malicious	Browse	49.12.130.236
	nqG4It8G4V.exe	Get hash	malicious	Browse	92.223.88.232
	AnyDesk.exe	Get hash	malicious	Browse	178.162.151.212
	AnyDesk-79b2d721.exe	Get hash	malicious	Browse	178.162.151.213
	AnyDesk.exe	Get hash	malicious	Browse	88.198.34.103
	AnyDeskCKS.exe	Get hash	malicious	Browse	185.136.157.77
	AnyDesk-79b2d721.exe	Get hash	malicious	Browse	178.162.151.212
	anydesk (1).exe	Get hash	malicious	Browse	178.162.151.213
	9cmxMWArc9.exe	Get hash	malicious	Browse	178.162.151.212
	https://download.anydesk.com/AnyDesk.exe?_ga=2.5204531.1823000373.1605785469-1740974547.1605537346	Get hash	malicious	Browse	178.162.151.213
boot-02.net.anydesk.com	AnyDesk.exe	Get hash	malicious	Browse	92.223.88.41
	AnyDesk (1).exe	Get hash	malicious	Browse	92.223.88.232
	Vostel-Anydesk.EXE	Get hash	malicious	Browse	213.239.213.142
	AnyDesk.exe	Get hash	malicious	Browse	78.138.106.22
	AnyDesk_ETS_WIN.exe	Get hash	malicious	Browse	92.223.88.232

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
CDN77GB	Microsoft.exe	Get hash	malicious	Browse	185.229.191.39
	http://www.notewhip.ru.com/kpxmjkdbeui/onvk873465okeqvxqgk/ZRmIC311fspI2cZLulB_YLFE0FFe07sHIZIqoSdC5dc/PXu81bQDormQmpMCRXQeYWz33UfREJQqS62D29pQ_9qO_ASBsdU3scsdMEWtuhNfnk-fZZ-fu3I9o4H-wnJm6kMV9HgVAk4dE1w4poL8qbOB7jUYHksEwWS82uLcTQEiNQED38_N94_QVozX71Vh5S6erb34pjqkThPSvHrPQBs	Get hash	malicious	Browse	89.187.165.194
	http://kinoking.cc	Get hash	malicious	Browse	89.187.169.39
	SuspectFile.exe	Get hash	malicious	Browse	185.229.191.39
	SecuriteInfo.com.Trojan.GenericKD.61507220.29657.4898.xlsx	Get hash	malicious	Browse	195.181.170.18
	http://gic.or.jp/ui/#aW5mb0BwYWNjYXJwYXJ0c2ZsZWV0c2VydmljZXMuY29t	Get hash	malicious	Browse	89.187.165.194
	https://quickwayelectric.brizy.site/	Get hash	malicious	Browse	185.59.220.194
	https://app.jetadmin.io/public/07y774ne4akcag313k3ufrlambmhe97e	Get hash	malicious	Browse	89.187.165.7
	https://protect-au.mimecast.com/s/6h9UCzvkGRhEwjgIXWO-1?domain=s1fctgtr.jlelectrics.com.au	Get hash	malicious	Browse	89.187.165.7
	https://app.jetadmin.io/public/07y774ne4akcag313k3ufrlambmhe97e	Get hash	malicious	Browse	185.59.220.17
	https://banana12933590.brizy.site/	Get hash	malicious	Browse	89.187.165.194
	RK35Wr4NxI	Get hash	malicious	Browse	195.181.169.2
	https://imagetrend.brizy.site/	Get hash	malicious	Browse	89.187.165.194
	https://imagetrend.brizy.site/	Get hash	malicious	Browse	89.187.165.194
	https://pixly.me/D1yP	Get hash	malicious	Browse	89.187.165.8
	https://elitecpss.co.za/en#cmFjaGFlbGtpbmdAYWxsZW5sYW5lLmNvLnVr	Get hash	malicious	Browse	89.187.165.7
	https://issuu.com/file.pdf_17kb/docs/faxmail_delivery_hs0087g?fr=sY2E1MzUyODMyOTY	Get hash	malicious	Browse	89.187.165.194
	https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fsmartsourcellc.nimbusweb.me%2fshare%2f7432080%2fk80a9x1rszamxtg00vrf&c=E,1,8Js9lSlrWe24SIl73tx1DIzx_GvUA8mMiT0249ub44wycgmxAqT22Lgr-U9JRxHLLBsuyNhomlT2pK1ktokFpPzsCUyM1g1h26yZh-u2uopk5TDPlQ,,&typo=1	Get hash	malicious	Browse	89.187.165.194
	https://pxlme.me/BENDELI	Get hash	malicious	Browse	89.187.165.194
	363k6KwW9f	Get hash	malicious	Browse	156.146.54.82
HETZNER-ASDE	Microsoft.exe	Get hash	malicious	Browse	213.239.213.142
	file.exe	Get hash	malicious	Browse	116.203.187.3
	PaFMttaWWR.elf	Get hash	malicious	Browse	188.40.114.117
	file.exe	Get hash	malicious	Browse	95.217.49.230
	file.exe	Get hash	malicious	Browse	95.217.49.230
	file.exe	Get hash	malicious	Browse	95.217.49.230
	tXIIbl7Gu4.apk	Get hash	malicious	Browse	144.76.58.8
	file.exe	Get hash	malicious	Browse	95.217.49.230
	file.exe	Get hash	malicious	Browse	95.217.49.230
	file.exe	Get hash	malicious	Browse	116.203.187.3
	file.exe	Get hash	malicious	Browse	159.69.101.181
	OIfshagCLl.exe	Get hash	malicious	Browse	159.69.101.181
	BrR1MMhjXx.exe	Get hash	malicious	Browse	116.202.180.202
	H3csSmm493.apk	Get hash	malicious	Browse	144.76.58.8
	NeDZZ2Jbs4.exe	Get hash	malicious	Browse	148.251.234.83
	nSqB4VzzAP.exe	Get hash	malicious	Browse	95.217.124.105
	file.exe	Get hash	malicious	Browse	116.202.0.25
	file.exe	Get hash	malicious	Browse	116.202.0.25
	7FA0FC4B901FF3BB9002F33B4A7F0A01AEF10F36C8304.exe	Get hash	malicious	Browse	188.40.49.47
	D3DE52EC5E00EFF831E15A2719C702F98FBCF95183849.exe	Get hash	malicious	Browse	138.201.65.103

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
3f2fba0262b1a22b739126dfb2fe7a7d	AnyDesk (1).exe	Get hash	malicious	Browse	88.198.34.103 185.229.191.44 92.223.88.7 92.223.88.232 92.223.88.41 49.12.130.235 195.181.174.173 49.12.130.236 185.229.191.41
	AnyDesk.exe	Get hash	malicious	Browse	88.198.34.103 185.229.191.44 92.223.88.7 92.223.88.232 92.223.88.41 49.12.130.235 195.181.174.173 49.12.130.236 185.229.191.41
	AnyDesk.exe	Get hash	malicious	Browse	88.198.34.103 185.229.191.44 92.223.88.7 92.223.88.232 92.223.88.41 49.12.130.235 195.181.174.173 49.12.130.236 185.229.191.41
	AnyDesk.exe	Get hash	malicious	Browse	88.198.34.103 185.229.191.44 92.223.88.7 92.223.88.232 92.223.88.41 49.12.130.235 195.181.174.173 49.12.130.236 185.229.191.41
	anydesk (1).exe	Get hash	malicious	Browse	88.198.34.103 185.229.191.44 92.223.88.7 92.223.88.232 92.223.88.41 49.12.130.235 195.181.174.173 49.12.130.236 185.229.191.41
	https://download.anydesk.com/AnyDesk.exe?_ga=2.5204531.1823000373.1605785469-1740974547.1605537346	Get hash	malicious	Browse	88.198.34.103 185.229.191.44 92.223.88.7 92.223.88.232 92.223.88.41 49.12.130.235 195.181.174.173 49.12.130.236 185.229.191.41
	AnyDesk.exe	Get hash	malicious	Browse	88.198.34.103 185.229.191.44 92.223.88.7 92.223.88.232 92.223.88.41 49.12.130.235 195.181.174.173 49.12.130.236 185.229.191.41
	AnyDesk.exe	Get hash	malicious	Browse	88.198.34.103 185.229.191.44 92.223.88.7 92.223.88.232 92.223.88.41 49.12.130.235 195.181.174.173 49.12.130.236 185.229.191.41
	AnyDesk.exe	Get hash	malicious	Browse	88.198.34.103 185.229.191.44 92.223.88.7 92.223.88.232 92.223.88.41 49.12.130.235 195.181.174.173 49.12.130.236 185.229.191.41
	anydown.exe	Get hash	malicious	Browse	88.198.34.103 185.229.191.44 92.223.88.7 92.223.88.232 92.223.88.41 49.12.130.235 195.181.174.173 49.12.130.236 185.229.191.41
	AnyDesk.exe	Get hash	malicious	Browse	88.198.34.103 185.229.191.44 92.223.88.7 92.223.88.232 92.223.88.41 49.12.130.235 195.181.174.173 49.12.130.236 185.229.191.41
	filedata.exe	Get hash	malicious	Browse	88.198.34.103 185.229.191.44 92.223.88.7 92.223.88.232 92.223.88.41 49.12.130.235 195.181.174.173 49.12.130.236 185.229.191.41

Process:	C:\Users\user\Desktop\Microsoft.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	6.032732074621611
Encrypted:	false
SSDEEP:	48:9j67dIWJB/E1FVOMamGoUqUSMz0VXjpzqTsUjJGHb0c7LmMZdVISTiLRiCM9Ewc2:9eWqJ4XhGoISWqjpGYUjJQ9mMZDISTqO
MD5:	CC5870276FD44360F8CF7BF5753C07D8
SHA1:	CA5A81922C751B55E9C994A162EE3A5CB29B709B
SHA-256:	60ECF7D922A37601FF95430D2E7C163348432D4E887266B0267A3BB3DCF8D3D0
SHA-512:	5D3D1902BB906099055254C81EAF19321FDDA6790D3CBF26AE09D18B5B4E94FC7C18BAD0CA61A9EAB74DDC931FB0009F1B35DCB840E2B2D6DC7CD34B1D267CD0
Malicious:	false
Reputation:	low
Preview:	ad.anynet.pkey=-----BEGIN PRIVATE KEY-----\nMIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDVdpSRm5oVvHPZ\nH2I7f9WRrv41xRWSAxtvd8tT+/I4buVV9Kbb0ZQLdNFyOWuGP0UfV7Ux2A1REhrJ\nGZiRHKbh96BMnFk/LH/OgTvz8cHgjEzbRWtLGg25anYtWbANj1cvhWivGe1TiDXB\nnh+uJ5pKsL0SE5HeVfE8KjoDkfUdaDj1eRwhie+qFyj+5DltCPEFKUhzPo9WAM8r\nQavu+3YmaiAalnVDfNp1CoW/7KyIc8yx1Cw9VGM7a+f311pWsimVPgnsLXlMZwcl\nmFVuiD03yhuEPL60yF8ujapUiNz4a1p1apYoUxnNnTIwziRORuXBiNtqyySmzEkp\n7iUMJkw3AgMBAAECggEBAMmd8r2Exoh5MsKEzfd8ym+LZTfMKo96t9MUxstQUHvU\n4m/JYECHNtmLQLguW8y0vcjYwp+NfSZxfzMqJdwJv+X2SUWS9wigMycNEV9bnM9G\nNOF2M9z/gq76SxySdaKZHLQZwcKBLpOTN5Lkku+fIDAjtrD4IvJpIiy9hYYRuf5G\n1Kavu3tbJJ4mdPhRuZ26Px6AC9xtU46XyvxbJq0i2t+GmbTpopy12RdoBkH0XKIL\nXKkbK0ALvM87evaiprDOutnruaOOQMOlCItJwpZ8lH2RKhdTnAObQDceGplZD43Z\nRp9dpl6VwDk7p34y8T45XeShYqV+l+/lntKSXOkUOiECgYEA7//e1ONlbTUDo8tO\nbpDjomUzfRq1HHuybRnCCeQpsrkIQDMw+97oaGNjs2pjs9ihqjoqxIpihMAKYThL\n72GEj4b1C0sDPMQ1gYCRMsD9/44drgqMlWrwrYFu97v7ygWWEdKD6mwVs+sa4DHr\nspIZ5u4dHdlk0vcu61tu1AuLV00CgYEA

C:\Users\user\AppData\Roaming\AnyDesk\system.conf

Download File

Process:	C:\Users\user\Desktop\Microsoft.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	113
Entropy (8bit):	4.42682567635979
Encrypted:	false
SSDEEP:	3:oLEo0Tb0GAdQR5ycUT37mnwSRAPc0aO4iWTUWRD0ahI:owH9drPQiUraLiWYWKahI
MD5:	922084DB87813DC943BD8D6B7AC25C28
SHA1:	94380B34F0813B7277B76ABDF7B68E6148F1B00D
SHA-256:	81E6EDEF7345684B62AD8883CB32A9709A0A9B052C90870295D9D7BB1D004AC4
SHA-512:	B9256AFD75AF4BA5BAECC151C5BF8C37DB205314400E9534CBB3178B770FD769D54CEC4254E1FFFAC27BF8CF68AD30F4825504EB0EA6541656D2990426CBBAF6
Malicious:	false
Reputation:	low
Preview:	ad.anynet.fpr=146fad056e85cce99869be46e733886ebbefb74e.ad.anynet.relay.error=3.336134278.ad.anynet.relay.state=1.

C:\Users\user\AppData\Roaming\AnyDesk\user.conf

Download File

Process:	C:\Users\user\Desktop\Microsoft.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	205
Entropy (8bit):	4.527174586404319
Encrypted:	false
SSDEEP:	6:oPOuc//HTVc/fl6/fTVc/Q2WY6l11oKWY1ms1oKWYrH+1v:oPO5Hmn8HTVc4XYW1lWYFlWYrel
MD5:	87BA4C07CA4D1D396CA437B5B1BD62D2
SHA1:	CFE5596EEA7C4E002A385CB8E6B36EFF3C7098B1
SHA-256:	6F7A53DBF15775B06F9FB11132AC8EF68CEE01AA6FC675DA217D4F5BDC0D626D
SHA-512:	59F8470AC4272E6C382D0565AD750CDBEEE3D2FA5E5EE53190CF6D7BDCFBB484D3EE646607DE3EF82E62CDAB28C4547524E248356FE951DCC8525DC559ACAC1D
Malicious:	false
Reputation:	low
Preview:	ad.ui.lang=en.ad.ui.main_win.width=960.ad.ui.main_win.height=738.ad.ui.main_win.x=160.ad.ui.main_win.y=123.ad.roster.discovered.view_type=2.ad.roster.favorites.view_type=2.ad.roster.recent_out.view_type=2.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms (copy)

Download File

Process:	C:\Users\user\Desktop\Microsoft.exe
File Type:	data
Category:	dropped
Size (bytes):	3226
Entropy (8bit):	3.2890322757579034
Encrypted:	false
SSDEEP:	48:IIDQ7+/9dLpLRcoykIDQ7+8+dLpLR7NyH:IyQqtFnyQqrF7k
MD5:	FCBA09FC485B9F80816A266C999FC2C3
SHA1:	8EF4E60D9ABAFCF92913A1B8E3A73B4BE5A40FF7
SHA-256:	EA17B47ED42623F50171A58DB19D855D605EB01693490EDEFAF3ACC83D735D55
SHA-512:	9A9A79C21A1AA3F4E2655DAD2DEC1C5CF678C019ED46E1FEDD0F14B880982458D2A74F7D7421F0B937E902319CB1B293D486FCF962D98C52D533F0ABFF0F3BC5
Malicious:	false
Reputation:	low
Preview:	...................................FL..................F.@.. ....L......S.#....;.Q"......9..........................P.O. .:i.....+00.:...:..,.LB.)...A&...&......N....-....#......@%......h.2...9.%U.) .MICROS~1.EXE..L.......U.%U.).....R.....................Q..M.i.c.r.o.s.o.f.t...e.x.e.......S...............-.......R....................C:\Users\user\Desktop\Microsoft.exe....O.p.e.n. .a. .n.e.w. .A.n.y.D.e.s.k. .w.i.n.d.o.w...$.C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.D.e.s.k.t.o.p.\.M.i.c.r.o.s.o.f.t...e.x.e.........%USERPROFILE%\Desktop\Microsoft.exe.................................................................................................................................................................................................................................%.U.S.E.R.P.R.O.F.I.L.E.%.\.D.e.s.k.t.o.p.\.M.i.c.r.o.s.o.f.t...e.x.e..........................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DWUEE31AMENZCJEVPQCJ.temp

Download File

Process:	C:\Users\user\Desktop\Microsoft.exe
File Type:	data
Category:	dropped
Size (bytes):	3226
Entropy (8bit):	3.2890322757579034
Encrypted:	false
SSDEEP:	48:IIDQ7+/9dLpLRcoykIDQ7+8+dLpLR7NyH:IyQqtFnyQqrF7k
MD5:	FCBA09FC485B9F80816A266C999FC2C3
SHA1:	8EF4E60D9ABAFCF92913A1B8E3A73B4BE5A40FF7
SHA-256:	EA17B47ED42623F50171A58DB19D855D605EB01693490EDEFAF3ACC83D735D55
SHA-512:	9A9A79C21A1AA3F4E2655DAD2DEC1C5CF678C019ED46E1FEDD0F14B880982458D2A74F7D7421F0B937E902319CB1B293D486FCF962D98C52D533F0ABFF0F3BC5
Malicious:	false
Reputation:	low
Preview:	...................................FL..................F.@.. ....L......S.#....;.Q"......9..........................P.O. .:i.....+00.:...:..,.LB.)...A&...&......N....-....#......@%......h.2...9.%U.) .MICROS~1.EXE..L.......U.%U.).....R.....................Q..M.i.c.r.o.s.o.f.t...e.x.e.......S...............-.......R....................C:\Users\user\Desktop\Microsoft.exe....O.p.e.n. .a. .n.e.w. .A.n.y.D.e.s.k. .w.i.n.d.o.w...$.C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.D.e.s.k.t.o.p.\.M.i.c.r.o.s.o.f.t...e.x.e.........%USERPROFILE%\Desktop\Microsoft.exe.................................................................................................................................................................................................................................%.U.S.E.R.P.R.O.F.I.L.E.%.\.D.e.s.k.t.o.p.\.M.i.c.r.o.s.o.f.t...e.x.e..........................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.999367235060677
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Microsoft.exe
File size:	3743464
MD5:	64d3b02073aa813c69cf0ca52182fa37
SHA1:	f9aefd3d984cdb4866c110f08407f1989eff7fb6
SHA256:	1c702e234542e2bb53e45211cc3ae4426a5088de9510dae58a9ff8b7a65e294f
SHA512:	c37db2565afb4b4c08c037cc07de968067638394f69bf65f90e1ea100106cccc02abbf88affa76431351cd9e44d289da834c99be3b537f782d72b407b6f53b5f
SSDEEP:	49152:/4zJlO9Tddc2cC6ohU+5Ja0EbMYp0PHJ3zgROYbhnUvOVhYoST8RQXoYz+lJI:8+dYaHUeJabdipTchUvEhZSiKpKI
TLSH:	200633E5F30591D3E390DD327ADB7B717B1448FBB02843C2C679550BE284F99B1AA1A1
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........h.}.;.}.;.}.;..";.}.;..#;.}.;...;.}.;...;.}.;Rich.}.;........................PE..L...-iF`.........."......*....8..".........

File Icon


Icon Hash:	499669d8d82916a8

Static PE Info

General

Entrypoint:	0x401ce9
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6046692D [Mon Mar 8 18:13:01 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	10/23/2018 5:00:00 PM 1/5/2022 4:00:00 AM
Subject Chain	CN=philandro Software GmbH, O=philandro Software GmbH, L=Stuttgart, C=DE
Version:	3
Thumbprint MD5:	A7C9563A13F15EE0E171EF6AA4C7A787
Thumbprint SHA-1:	8F2DE7E770A8B1E412C2DE131064D7A52DA62287
Thumbprint SHA-256:	7CF9EC56F8DB42DB83D8C7693E86093E983AA70957A7F7F2508B940758B4E842
Serial:	03E9EB4DFF67D4F9A554A422D5ED86F3

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 64h
push esi
lea ecx, dword ptr [ebp-64h]
call 00007F5CB4A4F3F3h
lea eax, dword ptr [ebp-64h]
mov ecx, eax
mov dword ptr [011CFE70h], eax
call 00007F5CB4A4F2B1h
test al, al
jne 00007F5CB4A4FA14h
mov esi, 000003E8h
lea ecx, dword ptr [ebp-64h]
call 00007F5CB4A4F29Fh
mov eax, esi
pop esi
leave
ret
lea eax, dword ptr [ebp-64h]
push eax
lea ecx, dword ptr [ebp-30h]
call 00007F5CB4A4F0D3h
lea eax, dword ptr [ebp-30h]
mov ecx, eax
mov dword ptr [011CFE74h], eax
call 00007F5CB4A4F06Bh
test al, al
jne 00007F5CB4A4FA11h
lea ecx, dword ptr [ebp-30h]
call 00007F5CB4A4F050h
mov esi, 000003E9h
jmp 00007F5CB4A4F9C7h
cmp dword ptr [ebp-10h], 00000000h
je 00007F5CB4A4FA0Ah
push 00000800h
call dword ptr [ebp-10h]
cmp dword ptr [ebp-0Ch], 00000000h
je 00007F5CB4A4FA0Ah
push 00008001h
call dword ptr [ebp-0Ch]
lea eax, dword ptr [ebp-64h]
push eax
lea esi, dword ptr [ebp-30h]
call 00007F5CB4A4F955h
pop ecx
mov esi, eax
push esi
call dword ptr [ebp-20h]
lea ecx, dword ptr [ebp-30h]
call 00007F5CB4A4F012h
jmp 00007F5CB4A4F98Eh
mov edx, dword ptr [esp+04h]
push ebx
mov ebx, dword ptr [esp+10h]
push esi
xor esi, esi
test ebx, ebx
je 00007F5CB4A4FA31h
push edi
mov edi, dword ptr [esp+14h]
sub edi, 011CFE78h
imul edx, edx, 0019660Dh
add edx, 3C6EF35Fh
mov eax, edx
shr eax, 0Ch

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ C ] VS2010 build 30319
[RES] VS2010 SP1 build 40219
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xdd1000	0x3290	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x38ea00	0x34e8	.itext
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xdd5000	0x84	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xa47000	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2835	0x2a00	False	0.5950520833333334	data	6.512072096958481	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0x4000	0xa42200	0x0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0xa47000	0x2fa	0x400	False	0.724609375	data	5.62601368936466	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa48000	0x38827c	0x388000	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xdd1000	0x3290	0x3400	False	0.6781099759615384	data	6.683717130758328	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xdd5000	0x300	0x400	False	0.1455078125	data	1.181265380704217	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0xdd11f0	0x1b8e	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States
RT_ICON	0xdd2d80	0x668	dBase III DBT, version number 0, next free block index 40	English	United States
RT_ICON	0xdd33e8	0x2e8	data	English	United States
RT_ICON	0xdd36d0	0x1e8	data	English	United States
RT_ICON	0xdd38b8	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_GROUP_ICON	0xdd39e0	0x4c	data	English	United States
RT_VERSION	0xdd3a30	0x258	data	English	United States
RT_MANIFEST	0xdd3c88	0x607	XML 1.0 document, ASCII text	English	United States

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 4, 2022 22:13:02.877859116 CEST	49725	443	192.168.2.3	92.223.88.7
Sep 4, 2022 22:13:02.877907991 CEST	443	49725	92.223.88.7	192.168.2.3
Sep 4, 2022 22:13:02.877985001 CEST	49725	443	192.168.2.3	92.223.88.7
Sep 4, 2022 22:13:02.878983021 CEST	49725	443	192.168.2.3	92.223.88.7
Sep 4, 2022 22:13:02.879008055 CEST	443	49725	92.223.88.7	192.168.2.3
Sep 4, 2022 22:13:02.956157923 CEST	443	49725	92.223.88.7	192.168.2.3
Sep 4, 2022 22:13:02.956285000 CEST	49725	443	192.168.2.3	92.223.88.7
Sep 4, 2022 22:13:02.957151890 CEST	49725	443	192.168.2.3	92.223.88.7
Sep 4, 2022 22:13:02.957170010 CEST	443	49725	92.223.88.7	192.168.2.3
Sep 4, 2022 22:13:02.957304001 CEST	443	49725	92.223.88.7	192.168.2.3
Sep 4, 2022 22:13:02.957360029 CEST	49725	443	192.168.2.3	92.223.88.7
Sep 4, 2022 22:13:02.957559109 CEST	49725	443	192.168.2.3	92.223.88.7
Sep 4, 2022 22:13:03.276920080 CEST	49726	80	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:03.301979065 CEST	80	49726	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:03.302115917 CEST	49726	80	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:03.333080053 CEST	49726	80	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:03.357969046 CEST	80	49726	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:03.359908104 CEST	80	49726	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:03.359950066 CEST	80	49726	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:03.360007048 CEST	49726	80	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:03.371423006 CEST	49726	80	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:03.396496058 CEST	80	49726	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:03.396593094 CEST	80	49726	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:03.396691084 CEST	49726	80	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:03.484107018 CEST	49726	80	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:03.509284019 CEST	80	49726	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:04.607234001 CEST	49727	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:04.630995035 CEST	6568	49727	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:04.631216049 CEST	49727	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:04.631997108 CEST	49727	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:04.655637980 CEST	6568	49727	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:04.657352924 CEST	6568	49727	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:04.657401085 CEST	6568	49727	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:04.657484055 CEST	49727	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:04.668502092 CEST	49727	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:04.692411900 CEST	6568	49727	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:04.692464113 CEST	6568	49727	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:04.692583084 CEST	49727	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:04.693191051 CEST	49727	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:04.716676950 CEST	6568	49727	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:04.830852032 CEST	49728	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:04.830908060 CEST	443	49728	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:04.831011057 CEST	49728	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:04.844621897 CEST	49728	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:04.844666958 CEST	443	49728	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:04.909487009 CEST	443	49728	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:04.909595966 CEST	49728	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:04.910434008 CEST	49728	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:04.910454035 CEST	443	49728	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:04.910702944 CEST	443	49728	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:04.910765886 CEST	49728	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:04.910861969 CEST	49728	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:05.042725086 CEST	49729	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:05.071535110 CEST	80	49729	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:05.071630955 CEST	49729	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:05.072607040 CEST	49729	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:05.101617098 CEST	80	49729	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:05.103645086 CEST	80	49729	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:05.103689909 CEST	80	49729	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:05.103745937 CEST	49729	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:05.115262032 CEST	49729	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:05.144270897 CEST	80	49729	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:05.144308090 CEST	80	49729	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:05.144395113 CEST	49729	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:05.144953966 CEST	49729	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:05.173690081 CEST	80	49729	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:05.269804001 CEST	49730	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:05.294935942 CEST	6568	49730	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:05.295047045 CEST	49730	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:05.295948982 CEST	49730	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:05.320904016 CEST	6568	49730	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:05.323426008 CEST	6568	49730	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:05.323478937 CEST	6568	49730	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:05.323576927 CEST	49730	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:05.335333109 CEST	49730	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:05.360332966 CEST	6568	49730	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:05.360371113 CEST	6568	49730	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:05.360519886 CEST	49730	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:05.361098051 CEST	49730	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:05.385982037 CEST	6568	49730	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:07.032761097 CEST	49731	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:07.032816887 CEST	443	49731	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:07.032943964 CEST	49731	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:07.035140038 CEST	49731	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:07.035176039 CEST	443	49731	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:07.079467058 CEST	443	49731	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:07.079668045 CEST	49731	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:07.080319881 CEST	49731	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:07.080342054 CEST	443	49731	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:07.080605984 CEST	443	49731	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:07.080683947 CEST	49731	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:07.080718040 CEST	49731	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:07.233326912 CEST	49732	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:07.262320042 CEST	80	49732	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:07.262598038 CEST	49732	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:07.263886929 CEST	49732	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:07.292964935 CEST	80	49732	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:07.294485092 CEST	80	49732	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:07.294528008 CEST	80	49732	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:07.294621944 CEST	49732	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:07.305835009 CEST	49732	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:07.334846973 CEST	80	49732	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:07.334887028 CEST	80	49732	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:07.334984064 CEST	49732	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:07.335823059 CEST	49732	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:07.364687920 CEST	80	49732	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:07.480212927 CEST	49733	6568	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:07.498796940 CEST	6568	49733	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:07.498972893 CEST	49733	6568	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:07.499910116 CEST	49733	6568	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:07.518326044 CEST	6568	49733	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:07.520551920 CEST	6568	49733	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:07.520654917 CEST	6568	49733	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:07.520744085 CEST	49733	6568	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:07.541929960 CEST	49733	6568	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:07.560570955 CEST	6568	49733	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:07.560626984 CEST	6568	49733	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:07.560710907 CEST	49733	6568	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:07.561322927 CEST	49733	6568	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:07.579722881 CEST	6568	49733	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:07.765309095 CEST	49734	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:07.765364885 CEST	443	49734	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:07.765455961 CEST	49734	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:07.766608953 CEST	49734	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:07.766633034 CEST	443	49734	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:07.820897102 CEST	443	49734	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:07.821033001 CEST	49734	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:07.821716070 CEST	49734	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:07.821733952 CEST	443	49734	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:07.822072983 CEST	49734	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:07.992496967 CEST	49735	80	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:08.015798092 CEST	80	49735	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:08.015927076 CEST	49735	80	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:08.016855001 CEST	49735	80	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:08.040119886 CEST	80	49735	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:08.041646004 CEST	80	49735	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:08.041687965 CEST	80	49735	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:08.041817904 CEST	49735	80	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:08.063577890 CEST	49735	80	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:08.087040901 CEST	80	49735	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:08.087079048 CEST	80	49735	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:08.087152958 CEST	49735	80	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:08.087810993 CEST	49735	80	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:08.110884905 CEST	80	49735	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:08.211076975 CEST	49736	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:08.232769966 CEST	6568	49736	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:08.232903004 CEST	49736	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:08.233840942 CEST	49736	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:08.255395889 CEST	6568	49736	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:08.257879019 CEST	6568	49736	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:08.257921934 CEST	6568	49736	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:08.258034945 CEST	49736	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:08.270106077 CEST	49736	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:08.292192936 CEST	6568	49736	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:08.292241096 CEST	6568	49736	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:08.292335987 CEST	49736	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:08.292936087 CEST	49736	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:08.314512968 CEST	6568	49736	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:10.620748043 CEST	49740	443	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:10.620809078 CEST	443	49740	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:10.620909929 CEST	49740	443	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:10.621882915 CEST	49740	443	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:10.621937037 CEST	443	49740	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:10.675049067 CEST	443	49740	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:10.675209999 CEST	49740	443	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:10.675870895 CEST	49740	443	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:10.675925016 CEST	443	49740	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:10.676136017 CEST	49740	443	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:10.762891054 CEST	49741	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:10.792129040 CEST	80	49741	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:10.792284012 CEST	49741	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:10.793160915 CEST	49741	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:10.822268009 CEST	80	49741	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:10.823966026 CEST	80	49741	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:10.824011087 CEST	80	49741	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:10.824125051 CEST	49741	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:10.835382938 CEST	49741	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:10.864681959 CEST	80	49741	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:10.864731073 CEST	80	49741	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:10.864864111 CEST	49741	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:10.865691900 CEST	49741	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:10.894814968 CEST	80	49741	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:10.986145020 CEST	49742	6568	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:11.004578114 CEST	6568	49742	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:11.004682064 CEST	49742	6568	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:11.005762100 CEST	49742	6568	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:11.023988008 CEST	6568	49742	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:11.026335955 CEST	6568	49742	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:11.026396990 CEST	6568	49742	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:11.026467085 CEST	49742	6568	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:11.038332939 CEST	49742	6568	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:11.056891918 CEST	6568	49742	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:11.056937933 CEST	6568	49742	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:11.057005882 CEST	49742	6568	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:11.057878971 CEST	49742	6568	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:11.076179028 CEST	6568	49742	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:11.164089918 CEST	49743	443	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:11.164141893 CEST	443	49743	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:11.164239883 CEST	49743	443	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:11.165222883 CEST	49743	443	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:11.165252924 CEST	443	49743	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:11.217370033 CEST	443	49743	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:11.217508078 CEST	49743	443	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:11.221308947 CEST	49743	443	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:11.221333981 CEST	443	49743	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:11.221688986 CEST	49743	443	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:11.298490047 CEST	49744	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:11.327522993 CEST	80	49744	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:11.327640057 CEST	49744	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:11.331063986 CEST	49744	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:11.360013008 CEST	80	49744	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:11.361974955 CEST	80	49744	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:11.362023115 CEST	80	49744	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:11.362133026 CEST	49744	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:11.373832941 CEST	49744	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:11.402930021 CEST	80	49744	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:11.402976036 CEST	80	49744	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:11.403049946 CEST	49744	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:11.403692961 CEST	49744	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:11.432378054 CEST	80	49744	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:11.561191082 CEST	49745	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:11.586575985 CEST	6568	49745	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:11.586739063 CEST	49745	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:11.587666035 CEST	49745	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:11.612893105 CEST	6568	49745	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:11.615263939 CEST	6568	49745	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:11.615305901 CEST	6568	49745	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:11.615416050 CEST	49745	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:11.626549006 CEST	49745	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:11.652133942 CEST	6568	49745	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:11.652170897 CEST	6568	49745	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:11.652329922 CEST	49745	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:11.652934074 CEST	49745	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:11.678047895 CEST	6568	49745	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:17.199435949 CEST	49751	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:17.199491024 CEST	443	49751	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:17.199700117 CEST	49751	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:17.200520992 CEST	49751	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:17.200546026 CEST	443	49751	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:17.244976044 CEST	443	49751	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:17.245079041 CEST	49751	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:17.245779991 CEST	49751	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:17.245795965 CEST	443	49751	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:17.246066093 CEST	443	49751	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:17.246129990 CEST	49751	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:17.246273994 CEST	49751	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:17.321830988 CEST	49752	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:17.351088047 CEST	80	49752	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:17.351238012 CEST	49752	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:17.352219105 CEST	49752	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:17.381402016 CEST	80	49752	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:17.383167982 CEST	80	49752	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:17.383223057 CEST	80	49752	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:17.383369923 CEST	49752	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:17.402539015 CEST	49752	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:17.432214022 CEST	80	49752	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:17.432270050 CEST	80	49752	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:17.432403088 CEST	49752	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:17.433163881 CEST	49752	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:13:17.462425947 CEST	80	49752	92.223.88.232	192.168.2.3
Sep 4, 2022 22:13:17.539927006 CEST	49753	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:17.561487913 CEST	6568	49753	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:17.561615944 CEST	49753	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:17.562581062 CEST	49753	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:17.584141016 CEST	6568	49753	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:17.587276936 CEST	6568	49753	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:17.587333918 CEST	6568	49753	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:17.587418079 CEST	49753	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:17.598448992 CEST	49753	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:17.620542049 CEST	6568	49753	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:17.620596886 CEST	6568	49753	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:17.620832920 CEST	49753	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:17.621305943 CEST	49753	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:13:17.645204067 CEST	6568	49753	88.198.34.103	192.168.2.3
Sep 4, 2022 22:13:17.744715929 CEST	49754	443	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:17.744786024 CEST	443	49754	185.229.191.41	192.168.2.3
Sep 4, 2022 22:13:17.745635986 CEST	49754	443	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:17.746655941 CEST	49754	443	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:17.746682882 CEST	443	49754	185.229.191.41	192.168.2.3
Sep 4, 2022 22:13:17.804753065 CEST	443	49754	185.229.191.41	192.168.2.3
Sep 4, 2022 22:13:17.804881096 CEST	49754	443	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:17.805531979 CEST	49754	443	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:17.805550098 CEST	443	49754	185.229.191.41	192.168.2.3
Sep 4, 2022 22:13:17.805816889 CEST	443	49754	185.229.191.41	192.168.2.3
Sep 4, 2022 22:13:17.805846930 CEST	49754	443	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:17.805886984 CEST	49754	443	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:17.805900097 CEST	49754	443	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:17.977426052 CEST	49755	80	192.168.2.3	213.239.213.142
Sep 4, 2022 22:13:18.001307011 CEST	80	49755	213.239.213.142	192.168.2.3
Sep 4, 2022 22:13:18.004683018 CEST	49755	80	192.168.2.3	213.239.213.142
Sep 4, 2022 22:13:18.005815029 CEST	49755	80	192.168.2.3	213.239.213.142
Sep 4, 2022 22:13:18.030376911 CEST	80	49755	213.239.213.142	192.168.2.3
Sep 4, 2022 22:13:18.035665989 CEST	80	49755	213.239.213.142	192.168.2.3
Sep 4, 2022 22:13:18.035707951 CEST	80	49755	213.239.213.142	192.168.2.3
Sep 4, 2022 22:13:18.037641048 CEST	49755	80	192.168.2.3	213.239.213.142
Sep 4, 2022 22:13:18.077322006 CEST	49755	80	192.168.2.3	213.239.213.142
Sep 4, 2022 22:13:18.099971056 CEST	80	49755	213.239.213.142	192.168.2.3
Sep 4, 2022 22:13:18.100038052 CEST	80	49755	213.239.213.142	192.168.2.3
Sep 4, 2022 22:13:18.101731062 CEST	49755	80	192.168.2.3	213.239.213.142
Sep 4, 2022 22:13:18.108913898 CEST	49755	80	192.168.2.3	213.239.213.142
Sep 4, 2022 22:13:18.131272078 CEST	80	49755	213.239.213.142	192.168.2.3
Sep 4, 2022 22:13:18.252027988 CEST	49756	6568	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:18.277726889 CEST	6568	49756	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:18.277915955 CEST	49756	6568	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:18.278913975 CEST	49756	6568	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:18.303534031 CEST	6568	49756	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:18.303947926 CEST	6568	49756	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:18.303977013 CEST	6568	49756	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:18.304060936 CEST	49756	6568	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:18.315623999 CEST	49756	6568	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:18.340899944 CEST	6568	49756	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:18.340948105 CEST	6568	49756	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:18.341036081 CEST	49756	6568	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:18.341743946 CEST	49756	6568	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:18.365715027 CEST	6568	49756	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:27.705347061 CEST	49758	443	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:27.705404043 CEST	443	49758	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:27.705493927 CEST	49758	443	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:27.706295967 CEST	49758	443	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:27.706325054 CEST	443	49758	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:27.760840893 CEST	443	49758	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:27.760977983 CEST	49758	443	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:27.764358044 CEST	49758	443	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:27.764380932 CEST	443	49758	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:27.764765024 CEST	443	49758	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:27.764893055 CEST	49758	443	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:27.764923096 CEST	49758	443	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:27.899180889 CEST	49759	80	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:27.918010950 CEST	80	49759	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:27.918521881 CEST	49759	80	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:27.919950962 CEST	49759	80	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:27.938630104 CEST	80	49759	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:27.940901041 CEST	80	49759	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:27.940939903 CEST	80	49759	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:27.941406012 CEST	49759	80	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:27.952389002 CEST	49759	80	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:27.971484900 CEST	80	49759	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:27.971537113 CEST	80	49759	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:27.971643925 CEST	49759	80	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:27.972278118 CEST	49759	80	192.168.2.3	195.181.174.173
Sep 4, 2022 22:13:27.990957022 CEST	80	49759	195.181.174.173	192.168.2.3
Sep 4, 2022 22:13:28.101969957 CEST	49760	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:28.126972914 CEST	6568	49760	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:28.127124071 CEST	49760	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:28.128024101 CEST	49760	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:28.152920008 CEST	6568	49760	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:28.154994011 CEST	6568	49760	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:28.155036926 CEST	6568	49760	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:28.155169010 CEST	49760	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:28.166261911 CEST	49760	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:28.191380978 CEST	6568	49760	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:28.191425085 CEST	6568	49760	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:28.191536903 CEST	49760	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:28.192157030 CEST	49760	6568	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:28.217180967 CEST	6568	49760	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:28.360667944 CEST	49761	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:28.360726118 CEST	443	49761	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:28.360905886 CEST	49761	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:28.362978935 CEST	49761	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:28.363003969 CEST	443	49761	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:28.428945065 CEST	443	49761	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:28.429146051 CEST	49761	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:28.433027029 CEST	49761	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:28.433060884 CEST	443	49761	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:28.433357954 CEST	49761	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:28.433377028 CEST	49761	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:28.558455944 CEST	49762	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:28.587296009 CEST	80	49762	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:28.587552071 CEST	49762	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:28.589956045 CEST	49762	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:28.618855000 CEST	80	49762	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:28.620569944 CEST	80	49762	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:28.620606899 CEST	80	49762	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:28.620681047 CEST	49762	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:28.631774902 CEST	49762	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:28.660878897 CEST	80	49762	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:28.660919905 CEST	80	49762	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:28.661048889 CEST	49762	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:28.662250042 CEST	49762	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:28.691104889 CEST	80	49762	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:28.781941891 CEST	49763	6568	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:28.807487965 CEST	6568	49763	185.229.191.41	192.168.2.3
Sep 4, 2022 22:13:28.807646990 CEST	49763	6568	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:28.810151100 CEST	49763	6568	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:28.835566998 CEST	6568	49763	185.229.191.41	192.168.2.3
Sep 4, 2022 22:13:28.903783083 CEST	6568	49763	185.229.191.41	192.168.2.3
Sep 4, 2022 22:13:28.904000998 CEST	49763	6568	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:28.930094957 CEST	6568	49763	185.229.191.41	192.168.2.3
Sep 4, 2022 22:13:28.930296898 CEST	49763	6568	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:28.949084997 CEST	49763	6568	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:28.974706888 CEST	6568	49763	185.229.191.41	192.168.2.3
Sep 4, 2022 22:13:28.974725008 CEST	6568	49763	185.229.191.41	192.168.2.3
Sep 4, 2022 22:13:28.974819899 CEST	49763	6568	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:28.975450993 CEST	49763	6568	192.168.2.3	185.229.191.41
Sep 4, 2022 22:13:29.000776052 CEST	6568	49763	185.229.191.41	192.168.2.3
Sep 4, 2022 22:13:46.843324900 CEST	49774	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:46.843369007 CEST	443	49774	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:46.843492985 CEST	49774	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:46.845534086 CEST	49774	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:46.845561981 CEST	443	49774	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:46.911077023 CEST	443	49774	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:46.911204100 CEST	49774	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:46.912309885 CEST	49774	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:46.912328005 CEST	443	49774	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:46.912630081 CEST	443	49774	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:46.912693977 CEST	49774	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:46.912889004 CEST	49774	443	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.047107935 CEST	49775	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.075829983 CEST	80	49775	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:47.075999022 CEST	49775	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.076816082 CEST	49775	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.105685949 CEST	80	49775	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:47.107412100 CEST	80	49775	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:47.107456923 CEST	80	49775	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:47.107590914 CEST	49775	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.125807047 CEST	49775	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.155031919 CEST	80	49775	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:47.155098915 CEST	80	49775	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:47.155232906 CEST	49775	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.156219959 CEST	49775	80	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.184839964 CEST	80	49775	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:47.252552986 CEST	49776	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:47.276103020 CEST	6568	49776	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:47.277312994 CEST	49776	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:47.277364016 CEST	49776	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:47.301021099 CEST	6568	49776	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:47.303590059 CEST	6568	49776	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:47.303642988 CEST	6568	49776	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:47.303776979 CEST	49776	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:47.315848112 CEST	49776	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:47.339412928 CEST	6568	49776	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:47.339443922 CEST	6568	49776	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:47.339535952 CEST	49776	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:47.340384960 CEST	49776	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:13:47.363837004 CEST	6568	49776	49.12.130.236	192.168.2.3
Sep 4, 2022 22:13:47.464272022 CEST	49777	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:47.464313984 CEST	443	49777	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:47.464554071 CEST	49777	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:47.465292931 CEST	49777	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:47.465313911 CEST	443	49777	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:47.519856930 CEST	443	49777	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:47.519973040 CEST	49777	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:47.521442890 CEST	49777	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:47.521456957 CEST	443	49777	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:47.521812916 CEST	443	49777	49.12.130.235	192.168.2.3
Sep 4, 2022 22:13:47.521898031 CEST	49777	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:47.522488117 CEST	49777	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:13:47.620287895 CEST	49778	80	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:47.645339966 CEST	80	49778	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:47.645519018 CEST	49778	80	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:47.646418095 CEST	49778	80	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:47.671406031 CEST	80	49778	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:47.678735018 CEST	80	49778	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:47.678776979 CEST	80	49778	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:47.679115057 CEST	49778	80	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:47.689683914 CEST	49778	80	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:47.714853048 CEST	80	49778	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:47.714885950 CEST	80	49778	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:47.715400934 CEST	49778	80	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:47.716209888 CEST	49778	80	192.168.2.3	185.229.191.44
Sep 4, 2022 22:13:47.741251945 CEST	80	49778	185.229.191.44	192.168.2.3
Sep 4, 2022 22:13:47.830341101 CEST	49779	6568	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.859661102 CEST	6568	49779	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:47.859847069 CEST	49779	6568	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.862400055 CEST	49779	6568	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.891498089 CEST	6568	49779	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:47.893497944 CEST	6568	49779	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:47.893553972 CEST	6568	49779	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:47.893812895 CEST	49779	6568	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.905086040 CEST	49779	6568	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.934611082 CEST	6568	49779	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:47.934650898 CEST	6568	49779	92.223.88.41	192.168.2.3
Sep 4, 2022 22:13:47.934777021 CEST	49779	6568	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.935420990 CEST	49779	6568	192.168.2.3	92.223.88.41
Sep 4, 2022 22:13:47.964525938 CEST	6568	49779	92.223.88.41	192.168.2.3
Sep 4, 2022 22:14:26.180819035 CEST	49782	443	192.168.2.3	49.12.130.236
Sep 4, 2022 22:14:26.180871010 CEST	443	49782	49.12.130.236	192.168.2.3
Sep 4, 2022 22:14:26.180955887 CEST	49782	443	192.168.2.3	49.12.130.236
Sep 4, 2022 22:14:26.181853056 CEST	49782	443	192.168.2.3	49.12.130.236
Sep 4, 2022 22:14:26.181875944 CEST	443	49782	49.12.130.236	192.168.2.3
Sep 4, 2022 22:14:26.236552000 CEST	443	49782	49.12.130.236	192.168.2.3
Sep 4, 2022 22:14:26.236654043 CEST	49782	443	192.168.2.3	49.12.130.236
Sep 4, 2022 22:14:26.237433910 CEST	49782	443	192.168.2.3	49.12.130.236
Sep 4, 2022 22:14:26.237446070 CEST	443	49782	49.12.130.236	192.168.2.3
Sep 4, 2022 22:14:26.237690926 CEST	443	49782	49.12.130.236	192.168.2.3
Sep 4, 2022 22:14:26.237766981 CEST	49782	443	192.168.2.3	49.12.130.236
Sep 4, 2022 22:14:26.237844944 CEST	49782	443	192.168.2.3	49.12.130.236
Sep 4, 2022 22:14:26.442464113 CEST	49783	80	192.168.2.3	195.181.174.167
Sep 4, 2022 22:14:26.461307049 CEST	80	49783	195.181.174.167	192.168.2.3
Sep 4, 2022 22:14:26.461435080 CEST	49783	80	192.168.2.3	195.181.174.167
Sep 4, 2022 22:14:26.462410927 CEST	49783	80	192.168.2.3	195.181.174.167
Sep 4, 2022 22:14:26.481070042 CEST	80	49783	195.181.174.167	192.168.2.3
Sep 4, 2022 22:14:26.483030081 CEST	80	49783	195.181.174.167	192.168.2.3
Sep 4, 2022 22:14:26.483086109 CEST	80	49783	195.181.174.167	192.168.2.3
Sep 4, 2022 22:14:26.483228922 CEST	49783	80	192.168.2.3	195.181.174.167
Sep 4, 2022 22:14:26.495177031 CEST	49783	80	192.168.2.3	195.181.174.167
Sep 4, 2022 22:14:26.513989925 CEST	80	49783	195.181.174.167	192.168.2.3
Sep 4, 2022 22:14:26.514049053 CEST	80	49783	195.181.174.167	192.168.2.3
Sep 4, 2022 22:14:26.514116049 CEST	49783	80	192.168.2.3	195.181.174.167
Sep 4, 2022 22:14:26.514760971 CEST	49783	80	192.168.2.3	195.181.174.167
Sep 4, 2022 22:14:26.533396006 CEST	80	49783	195.181.174.167	192.168.2.3
Sep 4, 2022 22:14:26.679691076 CEST	49784	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:14:26.708569050 CEST	6568	49784	92.223.88.232	192.168.2.3
Sep 4, 2022 22:14:26.708682060 CEST	49784	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:14:26.709821939 CEST	49784	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:14:26.738493919 CEST	6568	49784	92.223.88.232	192.168.2.3
Sep 4, 2022 22:14:26.740410089 CEST	6568	49784	92.223.88.232	192.168.2.3
Sep 4, 2022 22:14:26.740463972 CEST	6568	49784	92.223.88.232	192.168.2.3
Sep 4, 2022 22:14:26.740525007 CEST	49784	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:14:26.752125978 CEST	49784	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:14:26.781981945 CEST	6568	49784	92.223.88.232	192.168.2.3
Sep 4, 2022 22:14:26.782048941 CEST	6568	49784	92.223.88.232	192.168.2.3
Sep 4, 2022 22:14:26.782113075 CEST	49784	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:14:26.782707930 CEST	49784	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:14:26.811460018 CEST	6568	49784	92.223.88.232	192.168.2.3
Sep 4, 2022 22:14:26.942643881 CEST	49785	443	192.168.2.3	185.229.191.44
Sep 4, 2022 22:14:26.942703962 CEST	443	49785	185.229.191.44	192.168.2.3
Sep 4, 2022 22:14:26.942797899 CEST	49785	443	192.168.2.3	185.229.191.44
Sep 4, 2022 22:14:26.943967104 CEST	49785	443	192.168.2.3	185.229.191.44
Sep 4, 2022 22:14:26.943991899 CEST	443	49785	185.229.191.44	192.168.2.3
Sep 4, 2022 22:14:27.000993967 CEST	443	49785	185.229.191.44	192.168.2.3
Sep 4, 2022 22:14:27.001147032 CEST	49785	443	192.168.2.3	185.229.191.44
Sep 4, 2022 22:14:27.001822948 CEST	49785	443	192.168.2.3	185.229.191.44
Sep 4, 2022 22:14:27.001853943 CEST	443	49785	185.229.191.44	192.168.2.3
Sep 4, 2022 22:14:27.002083063 CEST	49785	443	192.168.2.3	185.229.191.44
Sep 4, 2022 22:14:27.118036985 CEST	49786	80	192.168.2.3	49.12.130.235
Sep 4, 2022 22:14:27.141786098 CEST	80	49786	49.12.130.235	192.168.2.3
Sep 4, 2022 22:14:27.141894102 CEST	49786	80	192.168.2.3	49.12.130.235
Sep 4, 2022 22:14:27.142983913 CEST	49786	80	192.168.2.3	49.12.130.235
Sep 4, 2022 22:14:27.166752100 CEST	80	49786	49.12.130.235	192.168.2.3
Sep 4, 2022 22:14:27.169167995 CEST	80	49786	49.12.130.235	192.168.2.3
Sep 4, 2022 22:14:27.169226885 CEST	80	49786	49.12.130.235	192.168.2.3
Sep 4, 2022 22:14:27.169290066 CEST	49786	80	192.168.2.3	49.12.130.235
Sep 4, 2022 22:14:27.180810928 CEST	49786	80	192.168.2.3	49.12.130.235
Sep 4, 2022 22:14:27.205979109 CEST	80	49786	49.12.130.235	192.168.2.3
Sep 4, 2022 22:14:27.208261967 CEST	80	49786	49.12.130.235	192.168.2.3
Sep 4, 2022 22:14:27.208369970 CEST	49786	80	192.168.2.3	49.12.130.235
Sep 4, 2022 22:14:27.209475040 CEST	49786	80	192.168.2.3	49.12.130.235
Sep 4, 2022 22:14:27.234452009 CEST	80	49786	49.12.130.235	192.168.2.3
Sep 4, 2022 22:14:27.336256027 CEST	49787	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:14:27.361438036 CEST	6568	49787	49.12.130.236	192.168.2.3
Sep 4, 2022 22:14:27.361594915 CEST	49787	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:14:27.378616095 CEST	49787	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:14:27.402194023 CEST	6568	49787	49.12.130.236	192.168.2.3
Sep 4, 2022 22:14:27.404762030 CEST	6568	49787	49.12.130.236	192.168.2.3
Sep 4, 2022 22:14:27.404822111 CEST	6568	49787	49.12.130.236	192.168.2.3
Sep 4, 2022 22:14:27.404946089 CEST	49787	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:14:27.416652918 CEST	49787	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:14:27.440404892 CEST	6568	49787	49.12.130.236	192.168.2.3
Sep 4, 2022 22:14:27.440442085 CEST	6568	49787	49.12.130.236	192.168.2.3
Sep 4, 2022 22:14:27.440553904 CEST	49787	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:14:27.441083908 CEST	49787	6568	192.168.2.3	49.12.130.236
Sep 4, 2022 22:14:27.464426994 CEST	6568	49787	49.12.130.236	192.168.2.3
Sep 4, 2022 22:15:08.987215042 CEST	49789	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:15:08.987282991 CEST	443	49789	195.181.174.173	192.168.2.3
Sep 4, 2022 22:15:08.987391949 CEST	49789	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:15:08.988236904 CEST	49789	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:15:08.988266945 CEST	443	49789	195.181.174.173	192.168.2.3
Sep 4, 2022 22:15:09.033842087 CEST	443	49789	195.181.174.173	192.168.2.3
Sep 4, 2022 22:15:09.034012079 CEST	49789	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:15:09.034883022 CEST	49789	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:15:09.034903049 CEST	443	49789	195.181.174.173	192.168.2.3
Sep 4, 2022 22:15:09.035263062 CEST	49789	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:15:09.144702911 CEST	49790	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:09.174161911 CEST	80	49790	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:09.174289942 CEST	49790	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:09.175687075 CEST	49790	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:09.205025911 CEST	80	49790	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:09.206814051 CEST	80	49790	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:09.206866026 CEST	80	49790	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:09.206928015 CEST	49790	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:09.280533075 CEST	49790	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:09.310147047 CEST	80	49790	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:09.310198069 CEST	80	49790	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:09.310270071 CEST	49790	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:09.311064959 CEST	49790	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:09.340217113 CEST	80	49790	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:09.446537018 CEST	49791	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:15:09.469439030 CEST	6568	49791	88.198.34.103	192.168.2.3
Sep 4, 2022 22:15:09.469557047 CEST	49791	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:15:09.470690966 CEST	49791	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:15:09.493009090 CEST	6568	49791	88.198.34.103	192.168.2.3
Sep 4, 2022 22:15:09.497669935 CEST	6568	49791	88.198.34.103	192.168.2.3
Sep 4, 2022 22:15:09.497724056 CEST	6568	49791	88.198.34.103	192.168.2.3
Sep 4, 2022 22:15:09.497802973 CEST	49791	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:15:09.511089087 CEST	49791	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:15:09.533859015 CEST	6568	49791	88.198.34.103	192.168.2.3
Sep 4, 2022 22:15:09.533952951 CEST	6568	49791	88.198.34.103	192.168.2.3
Sep 4, 2022 22:15:09.534048080 CEST	49791	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:15:09.534663916 CEST	49791	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:15:09.556926012 CEST	6568	49791	88.198.34.103	192.168.2.3
Sep 4, 2022 22:15:09.666066885 CEST	49792	443	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:09.666109085 CEST	443	49792	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:09.666214943 CEST	49792	443	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:09.667109966 CEST	49792	443	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:09.667124033 CEST	443	49792	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:09.733022928 CEST	443	49792	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:09.733181000 CEST	49792	443	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:09.735219955 CEST	49792	443	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:09.735258102 CEST	443	49792	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:09.735748053 CEST	443	49792	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:09.736217022 CEST	49792	443	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:09.737045050 CEST	49792	443	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:09.926923990 CEST	49793	80	192.168.2.3	213.239.213.142
Sep 4, 2022 22:15:09.948960066 CEST	80	49793	213.239.213.142	192.168.2.3
Sep 4, 2022 22:15:09.949120998 CEST	49793	80	192.168.2.3	213.239.213.142
Sep 4, 2022 22:15:09.950750113 CEST	49793	80	192.168.2.3	213.239.213.142
Sep 4, 2022 22:15:09.972673893 CEST	80	49793	213.239.213.142	192.168.2.3
Sep 4, 2022 22:15:09.975543976 CEST	80	49793	213.239.213.142	192.168.2.3
Sep 4, 2022 22:15:09.975589991 CEST	80	49793	213.239.213.142	192.168.2.3
Sep 4, 2022 22:15:09.975676060 CEST	49793	80	192.168.2.3	213.239.213.142
Sep 4, 2022 22:15:09.995476961 CEST	49793	80	192.168.2.3	213.239.213.142
Sep 4, 2022 22:15:10.017802000 CEST	80	49793	213.239.213.142	192.168.2.3
Sep 4, 2022 22:15:10.017846107 CEST	80	49793	213.239.213.142	192.168.2.3
Sep 4, 2022 22:15:10.018172026 CEST	49793	80	192.168.2.3	213.239.213.142
Sep 4, 2022 22:15:10.019539118 CEST	49793	80	192.168.2.3	213.239.213.142
Sep 4, 2022 22:15:10.041291952 CEST	80	49793	213.239.213.142	192.168.2.3
Sep 4, 2022 22:15:10.200619936 CEST	49794	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:10.229984045 CEST	6568	49794	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:10.231657982 CEST	49794	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:10.232603073 CEST	49794	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:10.261671066 CEST	6568	49794	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:10.264111996 CEST	6568	49794	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:10.264163017 CEST	6568	49794	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:10.264293909 CEST	49794	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:10.276573896 CEST	49794	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:10.306224108 CEST	6568	49794	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:10.306268930 CEST	6568	49794	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:10.306401968 CEST	49794	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:10.307068110 CEST	49794	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:10.336345911 CEST	6568	49794	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:45.015101910 CEST	49804	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:15:45.015151024 CEST	443	49804	195.181.174.173	192.168.2.3
Sep 4, 2022 22:15:45.015269995 CEST	49804	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:15:45.016078949 CEST	49804	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:15:45.016100883 CEST	443	49804	195.181.174.173	192.168.2.3
Sep 4, 2022 22:15:45.060312033 CEST	443	49804	195.181.174.173	192.168.2.3
Sep 4, 2022 22:15:45.060414076 CEST	49804	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:15:45.071923018 CEST	49804	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:15:45.071938992 CEST	443	49804	195.181.174.173	192.168.2.3
Sep 4, 2022 22:15:45.072305918 CEST	443	49804	195.181.174.173	192.168.2.3
Sep 4, 2022 22:15:45.073160887 CEST	49804	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:15:45.080004930 CEST	49804	443	192.168.2.3	195.181.174.173
Sep 4, 2022 22:15:45.272490978 CEST	49805	80	192.168.2.3	49.12.130.236
Sep 4, 2022 22:15:45.295706987 CEST	80	49805	49.12.130.236	192.168.2.3
Sep 4, 2022 22:15:45.295834064 CEST	49805	80	192.168.2.3	49.12.130.236
Sep 4, 2022 22:15:45.297851086 CEST	49805	80	192.168.2.3	49.12.130.236
Sep 4, 2022 22:15:45.320904016 CEST	80	49805	49.12.130.236	192.168.2.3
Sep 4, 2022 22:15:45.323474884 CEST	80	49805	49.12.130.236	192.168.2.3
Sep 4, 2022 22:15:45.323529005 CEST	80	49805	49.12.130.236	192.168.2.3
Sep 4, 2022 22:15:45.323672056 CEST	49805	80	192.168.2.3	49.12.130.236
Sep 4, 2022 22:15:45.340380907 CEST	49805	80	192.168.2.3	49.12.130.236
Sep 4, 2022 22:15:45.363780975 CEST	80	49805	49.12.130.236	192.168.2.3
Sep 4, 2022 22:15:45.363822937 CEST	80	49805	49.12.130.236	192.168.2.3
Sep 4, 2022 22:15:45.363998890 CEST	49805	80	192.168.2.3	49.12.130.236
Sep 4, 2022 22:15:45.365564108 CEST	49805	80	192.168.2.3	49.12.130.236
Sep 4, 2022 22:15:45.388506889 CEST	80	49805	49.12.130.236	192.168.2.3
Sep 4, 2022 22:15:45.524621964 CEST	49806	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:15:45.546612978 CEST	6568	49806	88.198.34.103	192.168.2.3
Sep 4, 2022 22:15:45.547267914 CEST	49806	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:15:45.548171043 CEST	49806	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:15:45.570118904 CEST	6568	49806	88.198.34.103	192.168.2.3
Sep 4, 2022 22:15:45.573041916 CEST	6568	49806	88.198.34.103	192.168.2.3
Sep 4, 2022 22:15:45.573092937 CEST	6568	49806	88.198.34.103	192.168.2.3
Sep 4, 2022 22:15:45.573227882 CEST	49806	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:15:45.593931913 CEST	49806	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:15:45.616108894 CEST	6568	49806	88.198.34.103	192.168.2.3
Sep 4, 2022 22:15:45.616153955 CEST	6568	49806	88.198.34.103	192.168.2.3
Sep 4, 2022 22:15:45.616285086 CEST	49806	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:15:45.617921114 CEST	49806	6568	192.168.2.3	88.198.34.103
Sep 4, 2022 22:15:45.639857054 CEST	6568	49806	88.198.34.103	192.168.2.3
Sep 4, 2022 22:15:45.777345896 CEST	49807	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:15:45.777422905 CEST	443	49807	49.12.130.235	192.168.2.3
Sep 4, 2022 22:15:45.777534962 CEST	49807	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:15:45.778378963 CEST	49807	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:15:45.778403997 CEST	443	49807	49.12.130.235	192.168.2.3
Sep 4, 2022 22:15:45.832333088 CEST	443	49807	49.12.130.235	192.168.2.3
Sep 4, 2022 22:15:45.832490921 CEST	49807	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:15:45.834184885 CEST	49807	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:15:45.834218025 CEST	443	49807	49.12.130.235	192.168.2.3
Sep 4, 2022 22:15:45.834599018 CEST	443	49807	49.12.130.235	192.168.2.3
Sep 4, 2022 22:15:45.835421085 CEST	49807	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:15:45.835520983 CEST	49807	443	192.168.2.3	49.12.130.235
Sep 4, 2022 22:15:45.976274967 CEST	49808	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:46.005105019 CEST	80	49808	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:46.006448984 CEST	49808	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:46.007704973 CEST	49808	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:46.036571026 CEST	80	49808	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:46.038220882 CEST	80	49808	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:46.038275003 CEST	80	49808	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:46.038487911 CEST	49808	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:46.059439898 CEST	49808	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:46.088443995 CEST	80	49808	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:46.088490009 CEST	80	49808	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:46.088648081 CEST	49808	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:46.089371920 CEST	49808	80	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:46.118191004 CEST	80	49808	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:46.288861990 CEST	49809	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:46.318211079 CEST	6568	49809	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:46.318366051 CEST	49809	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:46.320691109 CEST	49809	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:46.349896908 CEST	6568	49809	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:46.351648092 CEST	6568	49809	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:46.351707935 CEST	6568	49809	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:46.351810932 CEST	49809	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:46.375716925 CEST	49809	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:46.405277014 CEST	6568	49809	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:46.405317068 CEST	6568	49809	92.223.88.232	192.168.2.3
Sep 4, 2022 22:15:46.405529976 CEST	49809	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:46.406454086 CEST	49809	6568	192.168.2.3	92.223.88.232
Sep 4, 2022 22:15:46.435885906 CEST	6568	49809	92.223.88.232	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 4, 2022 22:13:02.844501019 CEST	60582	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:02.864518881 CEST	53	60582	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:03.248831034 CEST	57134	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:03.266985893 CEST	53	57134	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:04.585566998 CEST	62050	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:04.604871035 CEST	53	62050	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:04.810920000 CEST	56042	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:04.828495026 CEST	53	56042	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:05.020955086 CEST	59636	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:05.040250063 CEST	53	59636	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:05.248112917 CEST	55638	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:05.265543938 CEST	53	55638	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:07.006247997 CEST	57704	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:07.026952028 CEST	53	57704	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:07.211683035 CEST	65320	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:07.230946064 CEST	53	65320	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:07.458175898 CEST	60767	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:07.477770090 CEST	53	60767	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:07.742679119 CEST	65107	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:07.762092113 CEST	53	65107	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:07.968744993 CEST	53848	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:07.988354921 CEST	53	53848	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:08.189215899 CEST	57571	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:08.208484888 CEST	53	57571	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:10.597569942 CEST	53305	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:10.617069960 CEST	53	53305	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:10.740879059 CEST	59433	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:10.760051012 CEST	53	59433	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:10.964409113 CEST	60749	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:10.983652115 CEST	53	60749	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:11.141819954 CEST	56949	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:11.161725044 CEST	53	56949	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:11.277159929 CEST	52547	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:11.296356916 CEST	53	52547	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:11.539264917 CEST	53844	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:11.558692932 CEST	53	53844	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:17.179461002 CEST	53466	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:17.197035074 CEST	53	53466	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:17.298875093 CEST	57743	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:17.318211079 CEST	53	57743	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:17.516885042 CEST	53623	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:17.536930084 CEST	53	53623	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:17.723865032 CEST	61416	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:17.742660046 CEST	53	61416	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:17.951152086 CEST	65196	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:17.973860025 CEST	53	65196	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:18.228534937 CEST	58708	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:18.249800920 CEST	53	58708	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:27.684071064 CEST	59581	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:27.703454971 CEST	53	59581	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:27.875869036 CEST	53049	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:27.896982908 CEST	53	53049	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:28.079587936 CEST	60088	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:28.098973989 CEST	53	60088	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:28.335681915 CEST	63562	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:28.355464935 CEST	53	63562	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:28.533951044 CEST	53428	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:28.553292990 CEST	53	53428	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:28.759232998 CEST	65511	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:28.777220011 CEST	53	65511	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:46.818967104 CEST	63446	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:46.838434935 CEST	53	63446	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:47.025422096 CEST	49874	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:47.044917107 CEST	53	49874	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:47.229859114 CEST	65459	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:47.249342918 CEST	53	65459	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:47.442375898 CEST	65385	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:47.462086916 CEST	53	65385	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:47.596582890 CEST	54153	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:47.615897894 CEST	53	54153	8.8.8.8	192.168.2.3
Sep 4, 2022 22:13:47.806103945 CEST	64602	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:13:47.825512886 CEST	53	64602	8.8.8.8	192.168.2.3
Sep 4, 2022 22:14:26.158761978 CEST	64967	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:14:26.178806067 CEST	53	64967	8.8.8.8	192.168.2.3
Sep 4, 2022 22:14:26.419131994 CEST	60825	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:14:26.438484907 CEST	53	60825	8.8.8.8	192.168.2.3
Sep 4, 2022 22:14:26.655685902 CEST	49201	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:14:26.673003912 CEST	53	49201	8.8.8.8	192.168.2.3
Sep 4, 2022 22:14:26.921297073 CEST	64936	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:14:26.940520048 CEST	53	64936	8.8.8.8	192.168.2.3
Sep 4, 2022 22:14:27.096514940 CEST	60473	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:14:27.115833998 CEST	53	60473	8.8.8.8	192.168.2.3
Sep 4, 2022 22:14:27.305553913 CEST	59374	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:14:27.325629950 CEST	53	59374	8.8.8.8	192.168.2.3
Sep 4, 2022 22:15:08.964452982 CEST	61184	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:15:08.983901978 CEST	53	61184	8.8.8.8	192.168.2.3
Sep 4, 2022 22:15:09.122669935 CEST	57387	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:15:09.142267942 CEST	53	57387	8.8.8.8	192.168.2.3
Sep 4, 2022 22:15:09.417645931 CEST	50228	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:15:09.436985970 CEST	53	50228	8.8.8.8	192.168.2.3
Sep 4, 2022 22:15:09.640180111 CEST	53269	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:15:09.657557964 CEST	53	53269	8.8.8.8	192.168.2.3
Sep 4, 2022 22:15:09.905219078 CEST	59827	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:15:09.923208952 CEST	53	59827	8.8.8.8	192.168.2.3
Sep 4, 2022 22:15:10.178621054 CEST	62431	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:15:10.198447943 CEST	53	62431	8.8.8.8	192.168.2.3
Sep 4, 2022 22:15:44.994816065 CEST	61126	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:15:45.012372971 CEST	53	61126	8.8.8.8	192.168.2.3
Sep 4, 2022 22:15:45.250386000 CEST	55390	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:15:45.269836903 CEST	53	55390	8.8.8.8	192.168.2.3
Sep 4, 2022 22:15:45.502990961 CEST	58912	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:15:45.520530939 CEST	53	58912	8.8.8.8	192.168.2.3
Sep 4, 2022 22:15:45.755681992 CEST	50622	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:15:45.775060892 CEST	53	50622	8.8.8.8	192.168.2.3
Sep 4, 2022 22:15:45.954569101 CEST	55649	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:15:45.973865032 CEST	53	55649	8.8.8.8	192.168.2.3
Sep 4, 2022 22:15:46.266068935 CEST	64376	53	192.168.2.3	8.8.8.8
Sep 4, 2022 22:15:46.285326958 CEST	53	64376	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Sep 4, 2022 22:13:02.844501019 CEST	192.168.2.3	8.8.8.8	0xe872	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:03.248831034 CEST	192.168.2.3	8.8.8.8	0xd300	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:04.585566998 CEST	192.168.2.3	8.8.8.8	0xe238	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:04.810920000 CEST	192.168.2.3	8.8.8.8	0xd106	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:05.020955086 CEST	192.168.2.3	8.8.8.8	0xc958	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:05.248112917 CEST	192.168.2.3	8.8.8.8	0x28e6	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:07.006247997 CEST	192.168.2.3	8.8.8.8	0x5386	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:07.211683035 CEST	192.168.2.3	8.8.8.8	0xbeb2	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:07.458175898 CEST	192.168.2.3	8.8.8.8	0x3f0e	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:07.742679119 CEST	192.168.2.3	8.8.8.8	0x4364	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:07.968744993 CEST	192.168.2.3	8.8.8.8	0xf35b	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:08.189215899 CEST	192.168.2.3	8.8.8.8	0xa74d	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:10.597569942 CEST	192.168.2.3	8.8.8.8	0xfa29	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:10.740879059 CEST	192.168.2.3	8.8.8.8	0xc088	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:10.964409113 CEST	192.168.2.3	8.8.8.8	0xdccf	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:11.141819954 CEST	192.168.2.3	8.8.8.8	0x4bf2	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:11.277159929 CEST	192.168.2.3	8.8.8.8	0xb18c	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:11.539264917 CEST	192.168.2.3	8.8.8.8	0x4f39	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:17.179461002 CEST	192.168.2.3	8.8.8.8	0x3fca	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:17.298875093 CEST	192.168.2.3	8.8.8.8	0xdb54	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:17.516885042 CEST	192.168.2.3	8.8.8.8	0xa84c	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:17.723865032 CEST	192.168.2.3	8.8.8.8	0xc1e5	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:17.951152086 CEST	192.168.2.3	8.8.8.8	0x61b3	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:18.228534937 CEST	192.168.2.3	8.8.8.8	0xf0d0	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:27.684071064 CEST	192.168.2.3	8.8.8.8	0x129	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:27.875869036 CEST	192.168.2.3	8.8.8.8	0xad33	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:28.079587936 CEST	192.168.2.3	8.8.8.8	0xa876	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:28.335681915 CEST	192.168.2.3	8.8.8.8	0xd839	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:28.533951044 CEST	192.168.2.3	8.8.8.8	0xf5d6	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:28.759232998 CEST	192.168.2.3	8.8.8.8	0xe31b	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:46.818967104 CEST	192.168.2.3	8.8.8.8	0xc193	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:47.025422096 CEST	192.168.2.3	8.8.8.8	0xda	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:47.229859114 CEST	192.168.2.3	8.8.8.8	0x291f	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:47.442375898 CEST	192.168.2.3	8.8.8.8	0xe10f	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:47.596582890 CEST	192.168.2.3	8.8.8.8	0xeb56	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:47.806103945 CEST	192.168.2.3	8.8.8.8	0xd530	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:14:26.158761978 CEST	192.168.2.3	8.8.8.8	0x6975	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:14:26.419131994 CEST	192.168.2.3	8.8.8.8	0x9790	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:14:26.655685902 CEST	192.168.2.3	8.8.8.8	0x5ebe	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:14:26.921297073 CEST	192.168.2.3	8.8.8.8	0x7999	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:14:27.096514940 CEST	192.168.2.3	8.8.8.8	0x604f	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:14:27.305553913 CEST	192.168.2.3	8.8.8.8	0x8290	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:08.964452982 CEST	192.168.2.3	8.8.8.8	0x4e6	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:09.122669935 CEST	192.168.2.3	8.8.8.8	0x792a	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:09.417645931 CEST	192.168.2.3	8.8.8.8	0x2813	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:09.640180111 CEST	192.168.2.3	8.8.8.8	0xf90a	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:09.905219078 CEST	192.168.2.3	8.8.8.8	0xb558	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:10.178621054 CEST	192.168.2.3	8.8.8.8	0x751e	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:44.994816065 CEST	192.168.2.3	8.8.8.8	0xf251	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:45.250386000 CEST	192.168.2.3	8.8.8.8	0x262f	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:45.502990961 CEST	192.168.2.3	8.8.8.8	0x4738	Standard query (0)	boot-01.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:45.755681992 CEST	192.168.2.3	8.8.8.8	0x9cc1	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:45.954569101 CEST	192.168.2.3	8.8.8.8	0x30af	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:46.266068935 CEST	192.168.2.3	8.8.8.8	0x99ef	Standard query (0)	boot-02.net.anydesk.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Sep 4, 2022 22:13:02.864518881 CEST	8.8.8.8	192.168.2.3	0xe872	No error (0)	boot-01.net.anydesk.com	92.223.88.7	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:03.266985893 CEST	8.8.8.8	192.168.2.3	0xd300	No error (0)	boot-01.net.anydesk.com	185.229.191.44	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:04.604871035 CEST	8.8.8.8	192.168.2.3	0xe238	No error (0)	boot-01.net.anydesk.com	49.12.130.236	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:04.828495026 CEST	8.8.8.8	192.168.2.3	0xd106	No error (0)	boot-02.net.anydesk.com	92.223.88.41	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:05.040250063 CEST	8.8.8.8	192.168.2.3	0xc958	No error (0)	boot-02.net.anydesk.com	92.223.88.232	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:05.265543938 CEST	8.8.8.8	192.168.2.3	0x28e6	No error (0)	boot-02.net.anydesk.com	185.229.191.44	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:07.026952028 CEST	8.8.8.8	192.168.2.3	0x5386	No error (0)	boot-01.net.anydesk.com	195.181.174.173	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:07.230946064 CEST	8.8.8.8	192.168.2.3	0xbeb2	No error (0)	boot-01.net.anydesk.com	92.223.88.232	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:07.477770090 CEST	8.8.8.8	192.168.2.3	0x3f0e	No error (0)	boot-01.net.anydesk.com	195.181.174.173	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:07.762092113 CEST	8.8.8.8	192.168.2.3	0x4364	No error (0)	boot-02.net.anydesk.com	49.12.130.235	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:07.988354921 CEST	8.8.8.8	192.168.2.3	0xf35b	No error (0)	boot-02.net.anydesk.com	49.12.130.235	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:08.208484888 CEST	8.8.8.8	192.168.2.3	0xa74d	No error (0)	boot-02.net.anydesk.com	88.198.34.103	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:10.617069960 CEST	8.8.8.8	192.168.2.3	0xfa29	No error (0)	boot-01.net.anydesk.com	88.198.34.103	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:10.760051012 CEST	8.8.8.8	192.168.2.3	0xc088	No error (0)	boot-01.net.anydesk.com	92.223.88.232	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:10.983652115 CEST	8.8.8.8	192.168.2.3	0xdccf	No error (0)	boot-01.net.anydesk.com	195.181.174.173	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:11.161725044 CEST	8.8.8.8	192.168.2.3	0x4bf2	No error (0)	boot-02.net.anydesk.com	88.198.34.103	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:11.296356916 CEST	8.8.8.8	192.168.2.3	0xb18c	No error (0)	boot-02.net.anydesk.com	92.223.88.41	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:11.558692932 CEST	8.8.8.8	192.168.2.3	0x4f39	No error (0)	boot-02.net.anydesk.com	185.229.191.44	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:17.197035074 CEST	8.8.8.8	192.168.2.3	0x3fca	No error (0)	boot-01.net.anydesk.com	195.181.174.173	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:17.318211079 CEST	8.8.8.8	192.168.2.3	0xdb54	No error (0)	boot-01.net.anydesk.com	92.223.88.232	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:17.536930084 CEST	8.8.8.8	192.168.2.3	0xa84c	No error (0)	boot-01.net.anydesk.com	88.198.34.103	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:17.742660046 CEST	8.8.8.8	192.168.2.3	0xc1e5	No error (0)	boot-02.net.anydesk.com	185.229.191.41	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:17.973860025 CEST	8.8.8.8	192.168.2.3	0x61b3	No error (0)	boot-02.net.anydesk.com	213.239.213.142	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:18.249800920 CEST	8.8.8.8	192.168.2.3	0xf0d0	No error (0)	boot-02.net.anydesk.com	49.12.130.235	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:27.703454971 CEST	8.8.8.8	192.168.2.3	0x129	No error (0)	boot-01.net.anydesk.com	49.12.130.236	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:27.896982908 CEST	8.8.8.8	192.168.2.3	0xad33	No error (0)	boot-01.net.anydesk.com	195.181.174.173	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:28.098973989 CEST	8.8.8.8	192.168.2.3	0xa876	No error (0)	boot-01.net.anydesk.com	185.229.191.44	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:28.355464935 CEST	8.8.8.8	192.168.2.3	0xd839	No error (0)	boot-02.net.anydesk.com	92.223.88.41	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:28.553292990 CEST	8.8.8.8	192.168.2.3	0xf5d6	No error (0)	boot-02.net.anydesk.com	92.223.88.41	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:28.777220011 CEST	8.8.8.8	192.168.2.3	0xe31b	No error (0)	boot-02.net.anydesk.com	185.229.191.41	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:46.838434935 CEST	8.8.8.8	192.168.2.3	0xc193	No error (0)	boot-01.net.anydesk.com	92.223.88.41	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:47.044917107 CEST	8.8.8.8	192.168.2.3	0xda	No error (0)	boot-01.net.anydesk.com	92.223.88.41	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:47.249342918 CEST	8.8.8.8	192.168.2.3	0x291f	No error (0)	boot-01.net.anydesk.com	49.12.130.236	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:47.462086916 CEST	8.8.8.8	192.168.2.3	0xe10f	No error (0)	boot-02.net.anydesk.com	49.12.130.235	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:47.615897894 CEST	8.8.8.8	192.168.2.3	0xeb56	No error (0)	boot-02.net.anydesk.com	185.229.191.44	A (IP address)	IN (0x0001)
Sep 4, 2022 22:13:47.825512886 CEST	8.8.8.8	192.168.2.3	0xd530	No error (0)	boot-02.net.anydesk.com	92.223.88.41	A (IP address)	IN (0x0001)
Sep 4, 2022 22:14:26.178806067 CEST	8.8.8.8	192.168.2.3	0x6975	No error (0)	boot-01.net.anydesk.com	49.12.130.236	A (IP address)	IN (0x0001)
Sep 4, 2022 22:14:26.438484907 CEST	8.8.8.8	192.168.2.3	0x9790	No error (0)	boot-01.net.anydesk.com	195.181.174.167	A (IP address)	IN (0x0001)
Sep 4, 2022 22:14:26.673003912 CEST	8.8.8.8	192.168.2.3	0x5ebe	No error (0)	boot-01.net.anydesk.com	92.223.88.232	A (IP address)	IN (0x0001)
Sep 4, 2022 22:14:26.940520048 CEST	8.8.8.8	192.168.2.3	0x7999	No error (0)	boot-02.net.anydesk.com	185.229.191.44	A (IP address)	IN (0x0001)
Sep 4, 2022 22:14:27.115833998 CEST	8.8.8.8	192.168.2.3	0x604f	No error (0)	boot-02.net.anydesk.com	49.12.130.235	A (IP address)	IN (0x0001)
Sep 4, 2022 22:14:27.325629950 CEST	8.8.8.8	192.168.2.3	0x8290	No error (0)	boot-02.net.anydesk.com	49.12.130.236	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:08.983901978 CEST	8.8.8.8	192.168.2.3	0x4e6	No error (0)	boot-01.net.anydesk.com	195.181.174.173	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:09.142267942 CEST	8.8.8.8	192.168.2.3	0x792a	No error (0)	boot-01.net.anydesk.com	92.223.88.232	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:09.436985970 CEST	8.8.8.8	192.168.2.3	0x2813	No error (0)	boot-01.net.anydesk.com	88.198.34.103	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:09.657557964 CEST	8.8.8.8	192.168.2.3	0xf90a	No error (0)	boot-02.net.anydesk.com	92.223.88.232	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:09.923208952 CEST	8.8.8.8	192.168.2.3	0xb558	No error (0)	boot-02.net.anydesk.com	213.239.213.142	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:10.198447943 CEST	8.8.8.8	192.168.2.3	0x751e	No error (0)	boot-02.net.anydesk.com	92.223.88.232	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:45.012372971 CEST	8.8.8.8	192.168.2.3	0xf251	No error (0)	boot-01.net.anydesk.com	195.181.174.173	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:45.269836903 CEST	8.8.8.8	192.168.2.3	0x262f	No error (0)	boot-01.net.anydesk.com	49.12.130.236	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:45.520530939 CEST	8.8.8.8	192.168.2.3	0x4738	No error (0)	boot-01.net.anydesk.com	88.198.34.103	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:45.775060892 CEST	8.8.8.8	192.168.2.3	0x9cc1	No error (0)	boot-02.net.anydesk.com	49.12.130.235	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:45.973865032 CEST	8.8.8.8	192.168.2.3	0x30af	No error (0)	boot-02.net.anydesk.com	92.223.88.232	A (IP address)	IN (0x0001)
Sep 4, 2022 22:15:46.285326958 CEST	8.8.8.8	192.168.2.3	0x99ef	No error (0)	boot-02.net.anydesk.com	92.223.88.232	A (IP address)	IN (0x0001)

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49726	185.229.191.44	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:13:03.333080053 CEST	147	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 4a 2c b1 a6 6f b4 a3 b1 dc e6 a1 df 29 c4 85 c9 00 22 ad 56 c1 9e 08 35 6d 69 a3 94 3f 76 4a c7 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: J,o)"V5mi?vJn0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:13:03.359908104 CEST	148	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 06 cf 97 0c ed ff 07 54 ff a8 b3 24 4d 82 a1 2f 29 5a 79 d8 72 d4 44 4f 57 4e 47 52 44 01 20 fe 3b 55 b3 db e4 ff 5c 80 f6 07 08 b9 e8 16 c6 f0 86 8a 8d 7a 07 7d 8c 15 53 a8 c0 1a 44 18 0b c0 2c 00 00 0b ff Data Ascii: WScT$M/)ZyrDOWNGRD ;U\z}SD,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:13:03.359950066 CEST	150	IN	Data Raw: e0 cd 68 3b 6a 87 6c a6 0d e7 d8 bd 61 df 56 6b 2a e1 1c 2b f5 9f bf 85 dd 8c 5b 06 1e 71 7f ba 4a a6 40 b0 77 17 ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce Data Ascii: h;jlaVk*+[qJ@w,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3
Sep 4, 2022 22:13:03.371423006 CEST	151	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:13:03.396496058 CEST	151	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49729	92.223.88.232	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:13:05.072607040 CEST	161	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 78 a8 86 d3 8d 0c 93 90 4c 2e b1 73 d1 68 e8 4e ef ee 6c 65 1e 31 ad 77 c5 6f 57 76 7e bc c1 c0 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: xL.shNle1woWv~n0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:13:05.103645086 CEST	162	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 06 d1 20 06 3e 34 5d 9b 2e 54 b7 88 c7 29 e5 7f 2c f0 7f 00 7e 0d 44 4f 57 4e 47 52 44 01 20 63 f0 bf d5 16 8c 79 39 c6 c1 24 2d 65 67 66 95 12 de fc 22 52 b1 9e 8f 23 28 f1 bd 7a d3 27 e4 c0 2c 00 00 0b ff Data Ascii: WSc >4].T),~DOWNGRD cy9$-egf"R#(z',C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:13:05.103689909 CEST	164	IN	Data Raw: ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce b2 48 79 08 38 2d 82 26 7e 93 4b 32 76 66 85 a7 fd ca f1 0a 2f c7 62 0f 6a 40 fe 1a 6b 58 1c 53 e4 63 c1 75 83 9a Data Ascii: ,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3q EOpN{$B
Sep 4, 2022 22:13:05.115262032 CEST	165	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:13:05.144270897 CEST	165	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49775	92.223.88.41	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:13:47.076816082 CEST	10582	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 3a 4c 47 0e 37 2e a7 6b 83 43 ab ee 82 88 4c 3e dd 0c 1a 69 c0 b2 bb 2e 43 65 2f e8 fb fd 1b 0b 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: :LG7.kCL>i.Ce/n0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:13:47.107412100 CEST	10583	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 06 fb 71 e5 62 f5 9d 23 83 08 01 78 0b 9c da 65 e3 60 bd de 97 6c 44 4f 57 4e 47 52 44 01 20 8b df d7 97 a9 f4 8b 30 79 8f 17 cc 13 dd 5d a3 78 c3 81 09 10 5a ff d5 56 5a 83 ef db b0 3f 99 c0 2c 00 00 0b ff Data Ascii: WScqb#xe`lDOWNGRD 0y]xZVZ?,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:13:47.107456923 CEST	10585	IN	Data Raw: ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce b2 48 79 08 38 2d 82 26 7e 93 4b 32 76 66 85 a7 fd ca f1 0a 2f c7 62 0f 6a 40 fe 1a 6b 58 1c 53 e4 63 c1 75 83 9a Data Ascii: ,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3q EOpN{$B
Sep 4, 2022 22:13:47.125807047 CEST	10586	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:13:47.155031919 CEST	10586	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49778	185.229.191.44	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:13:47.646418095 CEST	10596	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 5c 91 7c 1e f8 c5 3c 6e 4e 85 69 45 a2 ee 6a c3 f3 d6 0e e5 5d c5 51 b7 97 3f a5 87 b5 c1 f7 52 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: \\|<nNiEj]Q?Rn0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:13:47.678735018 CEST	10597	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 06 fb 23 a2 f5 6b 88 fc 7e 7c 9e e6 64 a3 c8 42 50 1d 73 83 2f 10 44 4f 57 4e 47 52 44 01 20 15 ea fb ee 6b 5b 34 37 04 aa 84 c2 a1 5a 8c 3d 8b 31 39 c0 ec 85 b7 53 4b 36 a9 b7 ab 3f 4f e8 c0 2c 00 00 0b ff Data Ascii: WSc#k~\|dBPs/DOWNGRD k[47Z=19SK6?O,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:13:47.678776979 CEST	10599	IN	Data Raw: e0 cd 68 3b 6a 87 6c a6 0d e7 d8 bd 61 df 56 6b 2a e1 1c 2b f5 9f bf 85 dd 8c 5b 06 1e 71 7f ba 4a a6 40 b0 77 17 ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce Data Ascii: h;jlaVk*+[qJ@w,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3
Sep 4, 2022 22:13:47.689683914 CEST	10600	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:13:47.714853048 CEST	10600	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49783	195.181.174.167	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:14:26.462410927 CEST	10624	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 80 72 5e 4e 38 c1 93 c4 69 6a 7d a7 0a 42 95 e3 11 50 15 21 2a 4a 01 37 f9 48 09 b1 78 c5 aa 38 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: r^N8ij}BP!J7Hx8n0,($kjih98762.&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:14:26.483030081 CEST	10626	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 07 22 58 62 76 e2 de 17 5e ef cf 71 f4 e3 69 97 50 46 d0 0d e1 90 44 4f 57 4e 47 52 44 01 20 f7 58 14 29 3d e6 ba f4 f6 8e 53 9b b8 71 d7 6f 0a af 71 9e d7 0e 17 08 95 65 9d dc 03 a8 4e a6 c0 2c 00 00 0b ff Data Ascii: WSc"Xbv^qiPFDOWNGRD X)=SqoqeN,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:14:26.483086109 CEST	10627	IN	Data Raw: ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce b2 48 79 08 38 2d 82 26 7e 93 4b 32 76 66 85 a7 fd ca f1 0a 2f c7 62 0f 6a 40 fe 1a 6b 58 1c 53 e4 63 c1 75 83 9a Data Ascii: ,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3q EOpN{$B
Sep 4, 2022 22:14:26.495177031 CEST	10628	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:14:26.513989925 CEST	10628	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49786	49.12.130.235	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:14:27.142983913 CEST	10638	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 59 9c 27 25 36 36 f8 4f d5 93 de 95 3e 72 b1 fa a8 a8 1c f2 65 00 e2 a3 f9 6b aa 09 6d ae 2f d6 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: Y'%66O>rekm/n0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:14:27.169167995 CEST	10639	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 07 23 ac 90 1a 49 b0 cf 0d 1a 8c 58 5f e3 b4 7f 66 15 28 a1 d1 35 44 4f 57 4e 47 52 44 01 20 21 a2 c4 e8 5f c7 09 3e cc 39 62 00 7d d9 f7 37 53 74 59 a8 87 ef 6a ec 2b fe 31 a8 e2 cf 51 f7 c0 2c 00 00 0b ff Data Ascii: WSc#IX_f(5DOWNGRD !_>9b}7StYj+1Q,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:14:27.169226885 CEST	10641	IN	Data Raw: e0 cd 68 3b 6a 87 6c a6 0d e7 d8 bd 61 df 56 6b 2a e1 1c 2b f5 9f bf 85 dd 8c 5b 06 1e 71 7f ba 4a a6 40 b0 77 17 ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce Data Ascii: h;jlaVk*+[qJ@w,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3
Sep 4, 2022 22:14:27.180810928 CEST	10642	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:14:27.205979109 CEST	10642	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.3	49790	92.223.88.232	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:15:09.175687075 CEST	10660	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 b8 e9 f0 ed a4 6b b9 03 0d 8d 1d c9 91 91 10 2b ec a9 c6 6a 7e 11 12 16 f6 df 2e 9c 29 c4 ee 28 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: k+j~.)(n0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:15:09.206814051 CEST	10661	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 07 4d 37 d1 18 0e be f4 d4 9a b7 c7 21 e2 51 b3 1a a0 12 a7 37 4b 44 4f 57 4e 47 52 44 01 20 ad 27 de 43 8d 86 11 5b 5f 6c 67 f5 31 59 28 ce 5f e2 e4 db f3 c6 88 33 41 ee 7f 6f 35 cb c9 5e c0 2c 00 00 0b ff Data Ascii: WScM7!Q7KDOWNGRD 'C[_lg1Y(_3Ao5^,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:15:09.206866026 CEST	10662	IN	Data Raw: e0 cd 68 3b 6a 87 6c a6 0d e7 d8 bd 61 df 56 6b 2a e1 1c 2b f5 9f bf 85 dd 8c 5b 06 1e 71 7f ba 4a a6 40 b0 77 17 ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce Data Ascii: h;jlaVk*+[qJ@w,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3
Sep 4, 2022 22:15:09.280533075 CEST	10663	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:15:09.310147047 CEST	10663	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.3	49793	213.239.213.142	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:15:09.950750113 CEST	10673	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 ac ed d9 1b ca b6 38 36 7d b2 2c 09 84 bf 46 55 e3 58 65 c8 31 45 a0 80 45 91 8a 06 04 93 6e 54 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: 86},FUXe1EEnTn0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:15:09.975543976 CEST	10675	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 07 4d 01 e6 2a 7d 04 52 0d af 1c cd 4b d5 3d aa 9e c1 02 d4 a3 af 44 4f 57 4e 47 52 44 01 20 30 f7 64 dc ef cd f3 0a 55 24 3a 17 87 39 e0 f2 8e ae 17 97 32 8c e9 db 88 93 cd ff 03 6d a5 91 c0 2c 00 00 0b ff Data Ascii: WScM}RK=DOWNGRD 0dU$:92m,C0?0'0vtS$0H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:15:09.975589991 CEST	10676	IN	Data Raw: ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce b2 48 79 08 38 2d 82 26 7e 93 4b 32 76 66 85 a7 fd ca f1 0a 2f c7 62 0f 6a 40 fe 1a 6b 58 1c 53 e4 63 c1 75 83 9a Data Ascii: ,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3q EOpN{$B
Sep 4, 2022 22:15:09.995476961 CEST	10677	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:15:10.017802000 CEST	10677	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.3	49805	49.12.130.236	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:15:45.297851086 CEST	11290	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 8a d3 a7 ea 44 70 50 31 a1 bc 8e 09 1e 0c 80 24 ae ba 01 1d b0 34 77 50 39 8e 55 2d 35 ba f7 67 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: DpP1$4wP9U-5gn0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:15:45.323474884 CEST	11292	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 07 71 e0 51 04 c6 bd cb 88 c8 a2 a6 3f 2f c3 2e 9d 5d b4 ea 8e c8 44 4f 57 4e 47 52 44 01 20 68 49 93 45 34 b6 c6 3d 6c 72 87 f8 29 7d 32 79 e3 f4 b0 6b a4 51 e0 5f 2f d5 4c 02 3e 12 33 96 c0 2c 00 00 0b ff Data Ascii: WScqQ?/.]DOWNGRD hIE4=lr)}2ykQ_/L>3,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:15:45.323529005 CEST	11293	IN	Data Raw: e0 cd 68 3b 6a 87 6c a6 0d e7 d8 bd 61 df 56 6b 2a e1 1c 2b f5 9f bf 85 dd 8c 5b 06 1e 71 7f ba 4a a6 40 b0 77 17 ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce Data Ascii: h;jlaVk*+[qJ@w,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3
Sep 4, 2022 22:15:45.340380907 CEST	11294	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:15:45.363780975 CEST	11294	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.3	49808	92.223.88.232	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:15:46.007704973 CEST	11304	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 e2 40 44 48 c9 97 06 17 2a e9 db b9 35 bb e2 f2 7a 2d 31 eb 45 cb 9a a2 2b 4c c6 ae 59 03 0e 13 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: @DH5z-1E+LYn0,($kjih98762.&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:15:46.038220882 CEST	11306	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 07 72 85 03 c5 be 61 c5 75 5b b0 00 77 f8 f5 a5 17 7c 87 53 2f 79 44 4f 57 4e 47 52 44 01 20 59 51 a4 a4 55 ba d4 b8 ae a0 1e 10 38 14 6e 69 b0 0c 44 18 6d 3b 72 88 31 d3 ac 0e ea d8 ae 5f c0 2c 00 00 0b ff Data Ascii: WScrau[w\|S/yDOWNGRD YQU8niDm;r1_,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:15:46.038275003 CEST	11307	IN	Data Raw: ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce b2 48 79 08 38 2d 82 26 7e 93 4b 32 76 66 85 a7 fd ca f1 0a 2f c7 62 0f 6a 40 fe 1a 6b 58 1c 53 e4 63 c1 75 83 9a Data Ascii: ,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3q EOpN{$B
Sep 4, 2022 22:15:46.059439898 CEST	11308	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:15:46.088443995 CEST	11308	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49732	92.223.88.232	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:13:07.263886929 CEST	175	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 f8 9d e1 41 d4 ca 0e 23 20 dc 34 23 6f 65 f1 f8 82 68 3a a9 10 7d ac 34 5f 15 72 2d 5d 36 0e dd 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: A# 4#oeh:}4_r-]6n0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:13:07.294485092 CEST	176	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 06 d3 bc 7a a2 87 a6 a0 c0 fc ae 69 8b 33 08 1e 45 f2 e6 4e 4d 02 44 4f 57 4e 47 52 44 01 20 b3 10 a6 a1 36 01 91 3b 31 cd 19 18 d0 46 d0 79 56 a6 73 8c 0d ff cc 71 cc f8 e4 7a 2c 56 2b 34 c0 2c 00 00 0b ff Data Ascii: WSczi3ENMDOWNGRD 6;1FyVsqz,V+4,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:13:07.294528008 CEST	178	IN	Data Raw: e0 cd 68 3b 6a 87 6c a6 0d e7 d8 bd 61 df 56 6b 2a e1 1c 2b f5 9f bf 85 dd 8c 5b 06 1e 71 7f ba 4a a6 40 b0 77 17 ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce Data Ascii: h;jlaVk*+[qJ@w,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3
Sep 4, 2022 22:13:07.305835009 CEST	179	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:13:07.334846973 CEST	179	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49735	49.12.130.235	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:13:08.016855001 CEST	189	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 f6 24 d4 b6 4d d7 b6 21 07 d3 5a 90 3e 75 5e c1 e7 b8 48 da 88 20 2b 58 c8 20 f2 76 74 c2 a8 70 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: $M!Z>u^H +X vtpn0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:13:08.041646004 CEST	190	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 06 d4 88 21 0c ba 1b 5b ef f5 71 f7 25 07 e2 69 42 09 26 d2 38 f2 44 4f 57 4e 47 52 44 01 20 1b 9e ba ab 15 8f 92 a2 4e fa fe 45 e6 c1 60 0e 3c a0 fe ab bd 70 9d 69 0f f3 4e 37 a2 ce 6a d4 c0 2c 00 00 0b ff Data Ascii: WSc![q%iB&8DOWNGRD NE`<piN7j,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:13:08.041687965 CEST	191	IN	Data Raw: ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce b2 48 79 08 38 2d 82 26 7e 93 4b 32 76 66 85 a7 fd ca f1 0a 2f c7 62 0f 6a 40 fe 1a 6b 58 1c 53 e4 63 c1 75 83 9a Data Ascii: ,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3q EOpN{$B
Sep 4, 2022 22:13:08.063577890 CEST	192	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:13:08.087040901 CEST	193	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49741	92.223.88.232	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:13:10.793160915 CEST	259	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 19 17 9a 04 93 32 94 55 32 5b 65 ce 34 86 a5 b8 0e 6c a4 55 6b 63 59 7d c2 a6 d8 c3 ee bd f1 63 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: 2U2[e4lUkcY}cn0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:13:10.823966026 CEST	261	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 06 d6 1f 34 55 72 6c 77 34 30 9e cf 75 ab 80 7a 88 63 c8 e2 af d0 44 4f 57 4e 47 52 44 01 20 42 19 d7 ad b2 a1 f3 87 d9 7c 1c bd 31 33 9c af 17 74 eb 3b dc 58 d8 a2 71 2e 29 8b c8 7b 12 77 c0 2c 00 00 0b ff Data Ascii: WSc4Urlw40uzcDOWNGRD B\|13t;Xq.){w,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:13:10.824011087 CEST	262	IN	Data Raw: ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce b2 48 79 08 38 2d 82 26 7e 93 4b 32 76 66 85 a7 fd ca f1 0a 2f c7 62 0f 6a 40 fe 1a 6b 58 1c 53 e4 63 c1 75 83 9a Data Ascii: ,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3q EOpN{$B
Sep 4, 2022 22:13:10.835382938 CEST	263	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:13:10.864681959 CEST	263	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49744	92.223.88.41	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:13:11.331063986 CEST	273	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 8e 5c 0e 9a d9 50 f0 1d d8 58 18 28 32 76 5c a6 2b ed 18 90 b1 5f a7 31 82 ed 0a b7 4c 93 68 9b 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: \PX(2v\+_1Lhn0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:13:11.361974955 CEST	274	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 06 d7 53 c5 e5 8f 87 35 7a 50 23 56 6c b3 a5 7b f1 76 cc 95 93 a5 44 4f 57 4e 47 52 44 01 20 d2 53 68 ce 7d 8d cf c1 70 5f 59 8c 44 4a 27 6f 7a 5f 56 2e fb 73 28 c4 01 e5 2e 73 ab 8a 8f c3 c0 2c 00 00 0b ff Data Ascii: WScS5zP#Vl{vDOWNGRD Sh}p_YDJ'oz_V.s(.s,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:13:11.362023115 CEST	276	IN	Data Raw: ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce b2 48 79 08 38 2d 82 26 7e 93 4b 32 76 66 85 a7 fd ca f1 0a 2f c7 62 0f 6a 40 fe 1a 6b 58 1c 53 e4 63 c1 75 83 9a Data Ascii: ,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3q EOpN{$B
Sep 4, 2022 22:13:11.373832941 CEST	277	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:13:11.402930021 CEST	277	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49752	92.223.88.232	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:13:17.352219105 CEST	6266	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 79 17 a3 cc 6c 4f 46 08 5b ba 27 a1 f2 6d e9 a3 0d b8 79 bb fd a6 40 3a fe ee 83 1c ca ff 5e 6c 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: ylOF['my@:^ln0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:13:17.383167982 CEST	6267	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 06 dd a0 1a a7 1f f1 53 6b 8d 43 20 34 ad 83 5f ec b6 8d 43 db fc 44 4f 57 4e 47 52 44 01 20 f7 fd fd 84 ad cd 79 c8 7c 50 12 36 88 3d 06 00 6a c0 8a da 15 89 f9 25 35 84 c4 ac d1 3d ab 34 c0 2c 00 00 0b ff Data Ascii: WScSkC 4_CDOWNGRD y\|P6=j%5=4,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:13:17.383223057 CEST	6269	IN	Data Raw: e0 cd 68 3b 6a 87 6c a6 0d e7 d8 bd 61 df 56 6b 2a e1 1c 2b f5 9f bf 85 dd 8c 5b 06 1e 71 7f ba 4a a6 40 b0 77 17 ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce Data Ascii: h;jlaVk*+[qJ@w,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3
Sep 4, 2022 22:13:17.402539015 CEST	6270	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:13:17.432214022 CEST	7502	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49755	213.239.213.142	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:13:18.005815029 CEST	8533	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 9a a1 23 92 d1 d5 db 51 34 42 78 dc 81 9d bd 10 48 31 e4 0d eb 3e 32 b1 41 84 65 32 bc 63 ee cb 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: #Q4BxH1>2Ae2cn0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:13:18.035665989 CEST	8535	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 06 de 54 00 d4 d9 0d e0 a0 6d e6 38 37 d2 f2 34 d7 75 a6 bc 0b 5a 44 4f 57 4e 47 52 44 01 20 27 94 72 b3 54 f2 08 90 a5 43 51 4a 11 e7 c8 b1 99 5b 7c f6 aa 3c 63 3e 80 c5 73 d0 c8 72 4f 60 c0 2c 00 00 0b ff Data Ascii: WScTm874uZDOWNGRD 'rTCQJ[\|<c>srO`,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:13:18.035707951 CEST	8536	IN	Data Raw: ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce b2 48 79 08 38 2d 82 26 7e 93 4b 32 76 66 85 a7 fd ca f1 0a 2f c7 62 0f 6a 40 fe 1a 6b 58 1c 53 e4 63 c1 75 83 9a Data Ascii: ,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3q EOpN{$B
Sep 4, 2022 22:13:18.077322006 CEST	8537	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:13:18.099971056 CEST	8537	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49759	195.181.174.173	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:13:27.919950962 CEST	10508	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 a3 26 f2 5b 58 8a 1f db 51 a3 fd 4e 95 ac 0f 1f 05 c6 2b 78 ea 4d 13 ff be 91 3c 22 8f 83 2c 1a 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: &[XQN+xM<",n0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:13:27.940901041 CEST	10509	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 06 e7 89 fa b0 0b cc 95 be 8f 62 37 9e 9a c5 e4 a1 6e d5 bf 55 48 44 4f 57 4e 47 52 44 01 20 5f 4f 4c a8 ac ea 30 c4 97 47 9d c3 ad f7 94 8b ea c5 22 b1 cd 26 2c 15 db 4e ca 84 b1 02 2b b7 c0 2c 00 00 0b ff Data Ascii: WScb7nUHDOWNGRD _OL0G"&,N+,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:13:27.940939903 CEST	10510	IN	Data Raw: ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce b2 48 79 08 38 2d 82 26 7e 93 4b 32 76 66 85 a7 fd ca f1 0a 2f c7 62 0f 6a 40 fe 1a 6b 58 1c 53 e4 63 c1 75 83 9a Data Ascii: ,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3q EOpN{$B
Sep 4, 2022 22:13:27.952389002 CEST	10511	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:13:27.971484900 CEST	10512	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49762	92.223.88.41	80	C:\Users\user\Desktop\Microsoft.exe

Timestamp	kBytes transferred	Direction	Data
Sep 4, 2022 22:13:28.589956045 CEST	10521	OUT	Data Raw: 16 03 01 00 f0 01 00 00 ec 03 03 04 76 a6 44 ab 2e 8d 40 4d 4d 68 a7 bd 2b 42 0d 4e 5b 9c ed a4 f3 03 b7 d0 b1 a0 a3 1d 0b f8 c6 00 00 6e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 Data Ascii: vD.@MMh+BN[n0,($kjih98762.*&=5/+'#g@?>32101-)%</U#
Sep 4, 2022 22:13:28.620569944 CEST	10523	IN	Data Raw: 16 03 03 00 57 02 00 00 53 03 03 63 15 06 e8 78 b6 51 25 14 57 8a 66 41 ba 82 58 62 34 8d e8 92 33 12 e8 44 4f 57 4e 47 52 44 01 20 0b 1b d2 be e4 b9 02 8e 82 85 e1 a7 7c 7b 42 70 ab 74 e4 e4 b9 5b 3c da b8 d8 77 5d c2 72 c1 62 c0 2c 00 00 0b ff Data Ascii: WScxQ%WfAXb43DOWNGRD \|{Bpt[<w]rb,C0?0'0vtS$0*H0H10UAnyNet Root CA1 0Uphilandro Software GmbH10UDE0181118021423Z281115021
Sep 4, 2022 22:13:28.620606899 CEST	10524	IN	Data Raw: e0 cd 68 3b 6a 87 6c a6 0d e7 d8 bd 61 df 56 6b 2a e1 1c 2b f5 9f bf 85 dd 8c 5b 06 1e 71 7f ba 4a a6 40 b0 77 17 ea 2c 3f 5b 94 14 85 2e ad 11 61 ab 88 f6 01 bb b3 47 6b e2 81 18 f1 8e 39 e6 d8 7b 0c 63 86 83 ac 70 84 75 27 2d 35 3d 7b 7b a8 ce Data Ascii: h;jlaVk*+[qJ@w,?[.aGk9{cpu'-5={{Hy8-&~K2vf/bj@kXScuxI#ph3/L^}a}4AkP+g_R4gs@lo67Jv"rR}uMU#[~.K_eCL/3
Sep 4, 2022 22:13:28.631774902 CEST	10525	OUT	Data Raw: 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30 82 02 a8 30 82 01 90 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 19 31 17 30 15 06 03 55 04 03 0c 0e 41 6e 79 44 65 73 6b 20 43 6c 69 65 6e 74 30 20 17 0d 32 32 30 39 30 35 30 35 31 32 Data Ascii: 000H010UAnyDesk Client0 220905051258Z20720823051258Z010UAnyDesk Client0"0H0vsb;5owS8nUtr9k?EW1QLY?,;L
Sep 4, 2022 22:13:28.660878897 CEST	10525	IN	Data Raw: 15 03 03 00 02 02 2d Data Ascii: -

Target ID:	0
Start time:	22:12:47
Start date:	04/09/2022
Path:	C:\Users\user\Desktop\Microsoft.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Microsoft.exe"
Imagebase:	0xb80000
File size:	3743464 bytes
MD5 hash:	64D3B02073AA813C69CF0CA52182FA37
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Target ID:	1
Start time:	22:12:52
Start date:	04/09/2022
Path:	C:\Users\user\Desktop\Microsoft.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Microsoft.exe" --local-service
Imagebase:	0xb80000
File size:	3743464 bytes
MD5 hash:	64D3B02073AA813C69CF0CA52182FA37
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Target ID:	2
Start time:	22:12:52
Start date:	04/09/2022
Path:	C:\Users\user\Desktop\Microsoft.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Microsoft.exe" --local-control
Imagebase:	0xb80000
File size:	3743464 bytes
MD5 hash:	64D3B02073AA813C69CF0CA52182FA37
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Function 00F36480 Relevance: 59.8, APIs: 20, Strings: 14, Instructions: 261filesynchronizationtimeCOMMON

Download Yara Rule

APIs

Part of subcall function 00F36420: CreateFileW.KERNELBASE(03347728,C0000000,00000007,00000000,00000004,00000000,00000000,?,?,?,?,00F364D2,00000000,?), ref: 00F3644A

_vswprintf_s.LIBCMT ref: 00F364E6

Part of subcall function 01009B9B: __vsnprintf_l.LIBCMT ref: 01009BAE

WaitForSingleObject.KERNEL32(00000000,00000BB8), ref: 00F36508
OutputDebugStringA.KERNEL32(AnyDesk: Mutex broken!), ref: 00F36534
GetSystemTime.KERNEL32(?), ref: 00F36548
TlsGetValue.KERNEL32(00000023), ref: 00F36552
__itow.LIBCMT ref: 00F36584
GetCurrentThreadId.KERNEL32 ref: 00F365FB
GetCurrentProcessId.KERNEL32(00000000), ref: 00F36602
__snprintf.LIBCMT ref: 00F36645
SetFilePointer.KERNELBASE(000002D4,00000000,00000000,00000002), ref: 00F36657
SetFilePointer.KERNEL32(000002D4,00000000,00000000,00000000), ref: 00F36690
ReadFile.KERNEL32(000002D4,00000000,00000000,00000000,00000000), ref: 00F366A2
_memmove.LIBCMT ref: 00F366D6
SetFilePointer.KERNEL32(000002D4,00000000,00000000,00000000), ref: 00F366E8
WriteFile.KERNEL32(000002D4,00000000,00000000,00000000,00000000), ref: 00F36701
SetFilePointer.KERNEL32(000002D4,00000000,00000000,00000000), ref: 00F36710
SetEndOfFile.KERNEL32(000002D4), ref: 00F3671A
WriteFile.KERNELBASE(000002D4,?,?,00000000,00000000), ref: 00F3674D
RtlEnterCriticalSection.NTDLL(0155B9D8), ref: 00F3678A
RaiseException.KERNEL32(00002329,00000000,00000000,00000000), ref: 00F3679B

Strings

info, xrefs: 00F365BD
internal, xrefs: 00F365AF, 00F36631
error, xrefs: 00F365CB
explode, xrefs: 00F365E0
%7s %4i-%02i-%02i %02i:%02i:%02i.%03i %10s %6lu %6lu %4s %32s - %s, xrefs: 00F36591
AnyDesk: Mutex broken!, xrefs: 00F3652F
auth, xrefs: 00F365D9
warning, xrefs: 00F365C4
front, xrefs: 00F36609
AnyDesk: Wait failed., xrefs: 00F36521
AnyDesk: Timeout in trace., xrefs: 00F36528
crash, xrefs: 00F365D2
debug, xrefs: 00F365B6
invalid, xrefs: 00F365E7

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: File$Pointer$CurrentWrite$CreateCriticalDebugEnterExceptionObjectOutputProcessRaiseReadSectionSingleStringSystemThreadTimeValueWait__itow__snprintf__vsnprintf_l_memmove_vswprintf_s
String ID: %7s %4i-%02i-%02i %02i:%02i:%02i.%03i %10s %6lu %6lu %4s %32s - %s$AnyDesk: Mutex broken!$AnyDesk: Timeout in trace.$AnyDesk: Wait failed.$auth$crash$debug$error$explode$front$info$internal$invalid$warning
API String ID: 2246438150-3361941525
Opcode ID: 3fb37cb6600ec2764453474f4902817982a5c16b85388d271fbdadba29d7aaf5
Instruction ID: 8f3f1f166a7551ab2cac67a553a369c92eca3723322b5b5b42b691995faacce0
Opcode Fuzzy Hash: 3fb37cb6600ec2764453474f4902817982a5c16b85388d271fbdadba29d7aaf5
Instruction Fuzzy Hash: 0791E4B2D00218BBDB20CF94DC84FAA7BB8BB49724F14C15AF945EB284D779D940DB61

Uniqueness

Uniqueness Score: -1.00%

Function 01008532 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 208COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0100854C

Part of subcall function 0100A2D1: __FF_MSGBANNER.LIBCMT ref: 0100A2EA
Part of subcall function 0100A2D1: __NMSG_WRITE.LIBCMT ref: 0100A2F1
Part of subcall function 0100A2D1: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 0100A316

std::exception::exception.LIBCMT ref: 01008581
std::exception::exception.LIBCMT ref: 0100859B
__CxxThrowException@8.LIBCMT ref: 010085AC

Strings

$, xrefs: 010085ED

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
String ID: $
API String ID: 615853336-3993045852
Opcode ID: c4c7ff32093f0733259574ed502f2f458869d2f82ce2d3e6eaacd4c5ef86c061
Instruction ID: f515440abdff13e0478fafc04a92c4c37bd1fb2d3a31b35d4835bac08c2826b2
Opcode Fuzzy Hash: c4c7ff32093f0733259574ed502f2f458869d2f82ce2d3e6eaacd4c5ef86c061
Instruction Fuzzy Hash: A861FF31C0061ADAFF678F2CD8447AE7BE4BF05364F2186ABE994A61C4D770CA50CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00F3CBB0 Relevance: 7.5, APIs: 5, Instructions: 44comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 00F3CBC9
SetEvent.KERNEL32(?,?,?,?,01076BF8,000000FF,00F3CB9B), ref: 00F3CBE1
OleUninitialize.OLE32(?,?,?,01076BF8,000000FF,00F3CB9B), ref: 00F3CC07
TlsGetValue.KERNEL32(00000024,?,?,?,01076BF8,000000FF,00F3CB9B), ref: 00F3CC17
TlsSetValue.KERNEL32(00000024,00000000), ref: 00F3CC2F

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: Value$EventInitializeUninitialize
String ID:
API String ID: 566941487-0
Opcode ID: 1ca1c6a720f2becfccb68c74ba00e5b9927b212951720fb340a3e195eef1a71b
Instruction ID: 14df65813fc3a5d4d73fb4a870914051932cbf91f7023cf73017c274b2157cc4
Opcode Fuzzy Hash: 1ca1c6a720f2becfccb68c74ba00e5b9927b212951720fb340a3e195eef1a71b
Instruction Fuzzy Hash: 1E0184B5600740ABD3209F65DC19B1B77A8FB85B60F00C919F456D3794DB3DE404DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00B819FE Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 71memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,00000028,00000004,00000000,00B81CCE,?), ref: 00B81A84
VirtualProtect.KERNELBASE(?,00000028,00000000,00000000), ref: 00B81A9B

Strings

.itext, xrefs: 00B81A54
.text, xrefs: 00B81A22

Memory Dump Source

Source File: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: ProtectVirtual
String ID: .itext$.text
API String ID: 544645111-3616233406
Opcode ID: 88a05020e6cf9d8bc708c76e29d5700d6ebec869a01f2fb9cb957177004c9baa
Instruction ID: 27688e06792cb299930f0a74bff492f15e8ba0d53e7a98cfb12eb43d8a912a97
Opcode Fuzzy Hash: 88a05020e6cf9d8bc708c76e29d5700d6ebec869a01f2fb9cb957177004c9baa
Instruction Fuzzy Hash: E3110376602300ABC720DF99CCC1ABAB3FCEB04B40F0049A9F952E6551F370E986D760

Uniqueness

Uniqueness Score: -1.00%

Function 00F3E670 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(advapi32.dll,00000000,0155B9DC,00F3697D), ref: 00F3E689
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0155B9DC), ref: 00F3E6A9
_free.LIBCMT ref: 00F3E6D4

Part of subcall function 01009287: RtlFreeHeap.NTDLL(00000000,00000000,?,00F3CC23,00000000,?,?,?,01076BF8,000000FF,00F3CB9B), ref: 0100929D

Strings

advapi32.dll, xrefs: 00F3E688, 00F3E6B0

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: ErrorFreeHeapLastLibraryLoad_free
String ID: advapi32.dll
API String ID: 1383136612-4050573280
Opcode ID: 1d9f0e954c02379b490ed1932cdeb19404dcf16ff0e96ea8bd7fb1faf6a97f97
Instruction ID: aaf06baf5fe964bcd6fde85597500c804a0b5a2b61a0987a671945df7102a512
Opcode Fuzzy Hash: 1d9f0e954c02379b490ed1932cdeb19404dcf16ff0e96ea8bd7fb1faf6a97f97
Instruction Fuzzy Hash: C4018CB0804785AFD711EF288C05B5BBBE8BF50724F408939F898C6291E73DD4048B62

Uniqueness

Uniqueness Score: -1.00%

Function 00F3E6F0 Relevance: 4.5, APIs: 3, Instructions: 38COMMON

Download Yara Rule

APIs

FreeLibrary.KERNELBASE(477720B8,000000FF,00F369F0,?), ref: 00F3E713
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0155B9DC), ref: 00F3E731
_free.LIBCMT ref: 00F3E75B

Part of subcall function 01009287: RtlFreeHeap.NTDLL(00000000,00000000,?,00F3CC23,00000000,?,?,?,01076BF8,000000FF,00F3CB9B), ref: 0100929D

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: Free$ErrorHeapLastLibrary_free
String ID:
API String ID: 1013596455-0
Opcode ID: 15d736b18144da35b3b2fe9a312368a28a9d553b82ee3634937d6331dc7a0907
Instruction ID: 24f263624085cef6921f5a7da9dae7aa5abff7bc86cac6938fa3b65d18765bb5
Opcode Fuzzy Hash: 15d736b18144da35b3b2fe9a312368a28a9d553b82ee3634937d6331dc7a0907
Instruction Fuzzy Hash: 09016DB1904741ABDB10EF28D945B5BB7E8BF80B28F00C92DF8A9C3291D739E404CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00F36420 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 25fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(03347728,C0000000,00000007,00000000,00000004,00000000,00000000,?,?,?,?,00F364D2,00000000,?), ref: 00F3644A

Strings

Couldn't open the trace file., xrefs: 00F36458

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: CreateFile
String ID: Couldn't open the trace file.
API String ID: 823142352-2019193763
Opcode ID: 117dce2602377b57c1df64fe1cb7efdba9797188bf515efe9a1f9569aef36187
Instruction ID: 67c846e33ad177872c81f44778ad661ce1a1d85148b9c724beb8c0da78da5d60
Opcode Fuzzy Hash: 117dce2602377b57c1df64fe1cb7efdba9797188bf515efe9a1f9569aef36187
Instruction Fuzzy Hash: 88F039B0E80700AEE7308A34DC05B163AA06B14B38F648608E2D1DA6C1D3B8E4499B49

Uniqueness

Uniqueness Score: -1.00%

Function 00B81000 Relevance: 1.6, APIs: 1, Instructions: 107memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,00B81B87,?,?,?,00A32200,00B84000,00A42200,?), ref: 00B81045

Memory Dump Source

Source File: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 8ad0bd426fc4e14450ebb4a25b13beb1236773bfd8cb879707df8a141987a14b
Instruction ID: b7222729aa4a660fcad6f7de737a19c3afafff4d7037e4a3b24067f8b6077279
Opcode Fuzzy Hash: 8ad0bd426fc4e14450ebb4a25b13beb1236773bfd8cb879707df8a141987a14b
Instruction Fuzzy Hash: C4416EB1601701CFC324EF59C884A66B7F9FF58700B148D6EE59A87A61E375E886CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0101897A Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 010189BD

Part of subcall function 0100E951: __getptd_noexit.LIBCMT ref: 0100E951

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: AllocateHeap__getptd_noexit
String ID:
API String ID: 328603210-0
Opcode ID: edb73c961f22aadbabafe52a854d04176ecc6d8671c15c87e46ecddc17dc7a19
Instruction ID: c1e3b5c1cdcad5e3541c8444975419f601805894cf6c65c7f220fe36f221b8e4
Opcode Fuzzy Hash: edb73c961f22aadbabafe52a854d04176ecc6d8671c15c87e46ecddc17dc7a19
Instruction Fuzzy Hash: 7B0124312012159BEB6E8E2DDC14B6A3BD6AB81360F09C66BEAD5CB198C738D900C352

Uniqueness

Uniqueness Score: -1.00%

Function 01008B89 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

Part of subcall function 0100F5D1: __lock.LIBCMT ref: 0100F5D3

__onexit_nolock.LIBCMT ref: 01008BA1

Part of subcall function 01008AA2: RtlDecodePointer.NTDLL(0155AB60), ref: 01008AB7
Part of subcall function 01008AA2: RtlDecodePointer.NTDLL ref: 01008AC4
Part of subcall function 01008AA2: __realloc_crt.LIBCMT ref: 01008B01
Part of subcall function 01008AA2: __realloc_crt.LIBCMT ref: 01008B17
Part of subcall function 01008AA2: RtlEncodePointer.NTDLL(00000000), ref: 01008B29
Part of subcall function 01008AA2: RtlEncodePointer.NTDLL(179B4870), ref: 01008B3D
Part of subcall function 01008AA2: RtlEncodePointer.NTDLL(-00000004), ref: 01008B45

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: Pointer$Encode$Decode__realloc_crt$__lock__onexit_nolock
String ID:
API String ID: 3536590627-0
Opcode ID: dcea9dca4a9b7b9aa39a0360bb9cf73b440cf8a7117984fed4bdf7600f443946
Instruction ID: a7cee8998e547cac98e6625d35e129e55dd37d98a1711b31b4a5f761f628a683
Opcode Fuzzy Hash: dcea9dca4a9b7b9aa39a0360bb9cf73b440cf8a7117984fed4bdf7600f443946
Instruction Fuzzy Hash: 81D05E71D01207AAEB21FFA4DC407DCB6B06F20321F30C15AD090A61D4CBB806419B01

Uniqueness

Uniqueness Score: -1.00%

Function 00B81E47 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B81E5A

Memory Dump Source

Source File: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 042b3e78e766917fc7476822e2758465008a10b04214cd7162f3d99566f83b27
Instruction ID: c548f0fa07e6c7affe446fd626175f4cd70dad9a24c9ee7de213dadc4972f2d5
Opcode Fuzzy Hash: 042b3e78e766917fc7476822e2758465008a10b04214cd7162f3d99566f83b27
Instruction Fuzzy Hash: E3C04C36548211EFDF905FA4E80CEC6BFA4EF48365F068444F24997075C731A885CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00B81E30 Relevance: 1.5, APIs: 1, Instructions: 8memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,?,00B81CD9,?,?), ref: 00B81E44

Memory Dump Source

Source File: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 30d16c000d2da85a6ebb8cc9574040c4fb5ef950f15f023aab6eb5ce634d0d9e
Instruction ID: db6c033dfdea862ae0d1e79cb59c70e825e24784b4b5e29879999c5630f8df7f
Opcode Fuzzy Hash: 30d16c000d2da85a6ebb8cc9574040c4fb5ef950f15f023aab6eb5ce634d0d9e
Instruction Fuzzy Hash: 51C04835288200AFEF919BA8D848F497BE4AB48752F088180F209DB674C631A8409B11

Uniqueness

Uniqueness Score: -1.00%

Function 010129EE Relevance: 1.5, APIs: 1, Instructions: 3COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 010129F0

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: 48e9ce3543bae19794e2dd9689210b94ae1c11a14587823be8c88d8a87ae05e4
Instruction ID: 8462398b645ad2cd171f7d9bbda6c88952da541025227226b322d6db6a40df84
Opcode Fuzzy Hash: 48e9ce3543bae19794e2dd9689210b94ae1c11a14587823be8c88d8a87ae05e4
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0101B429 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0102471A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0102472F
UnhandledExceptionFilter.KERNEL32(010A1B1C), ref: 0102473A
GetCurrentProcess.KERNEL32(C0000409), ref: 01024756
TerminateProcess.KERNEL32(00000000), ref: 0102475D

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 8d6ff0fb23c8ff74b08bec362cbcfc243dbbcc05691f7fd0c6b4ed196efd3617
Instruction ID: 4fb84e2a6e9ad4871170ce2fd231a849805766fb28ac72e07be263184166bd52
Opcode Fuzzy Hash: 8d6ff0fb23c8ff74b08bec362cbcfc243dbbcc05691f7fd0c6b4ed196efd3617
Instruction Fuzzy Hash: 2C2123B4811308DFC774DF65F0AC6583BB6FB08300F42415AE5288F358EBB65588AF20

Uniqueness

Uniqueness Score: -1.00%

Function 00B82DFD Relevance: .5, Instructions: 500COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce03736571f7384aa8c04e8d34d240d6cb8dd275eb8716f0e0fd7af206312961
Instruction ID: a38d1e982d6cfdd5dde0ee65366d8f60ca4c146a36b6773ac7d80bd5b583083d
Opcode Fuzzy Hash: ce03736571f7384aa8c04e8d34d240d6cb8dd275eb8716f0e0fd7af206312961
Instruction Fuzzy Hash: 97128031D00129EFCF08DF68C5945ACBBF2EF84756F2581AAD956AB260D7309F81DB84

Uniqueness

Uniqueness Score: -1.00%

Function 00D310E0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 61libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00F3E670: LoadLibraryW.KERNELBASE(advapi32.dll,00000000,0155B9DC,00F3697D), ref: 00F3E689
Part of subcall function 00F3E670: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0155B9DC), ref: 00F3E6A9
Part of subcall function 00F3E670: _free.LIBCMT ref: 00F3E6D4

GetProcAddress.KERNEL32(00000000,ConvertStringSecurityDescriptorToSecurityDescriptorW), ref: 00D31106
GetProcAddress.KERNEL32(00EE0C70,OpenEventLogA), ref: 00D31120
GetProcAddress.KERNEL32(00FCB6F0,CloseEventLog), ref: 00D3113A
GetProcAddress.KERNEL32(00EDCAB0,ReportEventA), ref: 00D31154
GetProcAddress.KERNEL32(00D36B70,CreateProcessWithTokenW), ref: 00D3116E

Strings

CloseEventLog, xrefs: 00D31134
ReportEventA, xrefs: 00D3114E
ConvertStringSecurityDescriptorToSecurityDescriptorW, xrefs: 00D31100
OpenEventLogA, xrefs: 00D3111A
advapi32.dll, xrefs: 00D310E4
CreateProcessWithTokenW, xrefs: 00D31168

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: AddressProc$ErrorLastLibraryLoad_free
String ID: CloseEventLog$ConvertStringSecurityDescriptorToSecurityDescriptorW$CreateProcessWithTokenW$OpenEventLogA$ReportEventA$advapi32.dll
API String ID: 1327587910-3518705215
Opcode ID: 256977c7d001569a30108a965adb35bf02f58c9e997a21e72ec5e45676a7bf75
Instruction ID: deee660be017149f4ac9dc483ca73082afe6c8740cedca46af855a7e976c5227
Opcode Fuzzy Hash: 256977c7d001569a30108a965adb35bf02f58c9e997a21e72ec5e45676a7bf75
Instruction Fuzzy Hash: EC112578B00317ABA7509E3ADC01B53ABE8AF50BD0B184136EA18D7315E774EC518BB0

Uniqueness

Uniqueness Score: -1.00%

Function 00EFA620 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32(00EFA728,00000000,?,?,00F24B8E,?,?,?,01076BF8,000000FF,00F3CB9B), ref: 00EFA629
TlsGetValue.KERNEL32(00000024,?,00EFA728,00000000,?,?,00F24B8E,?,?,?,01076BF8,000000FF,00F3CB9B), ref: 00EFA641
GetLastError.KERNEL32(?,?,00F24B8E,?,?,?,01076BF8,000000FF,00F3CB9B), ref: 00EFA64D
_memset.LIBCMT ref: 00EFA679
TlsSetValue.KERNEL32(00000024,00000000), ref: 00EFA688

Strings

Please contact support@anydesk.com (B), xrefs: 00EFA657
Please contact support@anydesk.com (A), xrefs: 00EFA639

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: Value$AllocErrorLast_memset
String ID: Please contact support@anydesk.com (A)$Please contact support@anydesk.com (B)
API String ID: 4091103580-43624127
Opcode ID: 86c4f3944b926d4a514e90efaf5b1991244bc20ed203b5a1801ae6bb26a78e24
Instruction ID: bf65348e2d972ebe55aafe60c5c07c86a3674d3fdb85f503f82214be3d5a1fa0
Opcode Fuzzy Hash: 86c4f3944b926d4a514e90efaf5b1991244bc20ed203b5a1801ae6bb26a78e24
Instruction Fuzzy Hash: 8D018171B0022457D6302B787818A9B3B54BB017A9F0AC522FA59EF3E8D775CC01DBE2

Uniqueness

Uniqueness Score: -1.00%

Function 010121F4 Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 01012200

Part of subcall function 01012BDB: __getptd_noexit.LIBCMT ref: 01012BDE
Part of subcall function 01012BDB: __amsg_exit.LIBCMT ref: 01012BEB

__amsg_exit.LIBCMT ref: 01012220
__lock.LIBCMT ref: 01012230
InterlockedDecrement.KERNEL32(?), ref: 0101224D
_free.LIBCMT ref: 01012260
InterlockedIncrement.KERNEL32(033415F8), ref: 01012278

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
String ID:
API String ID: 3470314060-0
Opcode ID: 39cd07eeb41de078e00d5c374debbff0586e628dd294053ecef747c9f889d50b
Instruction ID: 190ef7c04f137706c5644efc69c6e62cf20859dfdbc6057b228e4fe2fe74242d
Opcode Fuzzy Hash: 39cd07eeb41de078e00d5c374debbff0586e628dd294053ecef747c9f889d50b
Instruction Fuzzy Hash: 9B018032D01626BBEB72AF68A0847DD7BE0BF04711F24405AD980A729CCB3C6A41DBD1

Uniqueness

Uniqueness Score: -1.00%

Function 0100A909 Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0100A917

Part of subcall function 0100A2D1: __FF_MSGBANNER.LIBCMT ref: 0100A2EA
Part of subcall function 0100A2D1: __NMSG_WRITE.LIBCMT ref: 0100A2F1
Part of subcall function 0100A2D1: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 0100A316

_free.LIBCMT ref: 0100A92A

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: AllocateHeap_free_malloc
String ID:
API String ID: 1020059152-0
Opcode ID: b8c7ea7d5892e113369ec44eb172b077d568874acd2c0ad26ba4d0969a46a6d9
Instruction ID: 090f4c49ee275d93b3567e2dfbe9d393fcca461b9f59b257237114886f2943d7
Opcode Fuzzy Hash: b8c7ea7d5892e113369ec44eb172b077d568874acd2c0ad26ba4d0969a46a6d9
Instruction Fuzzy Hash: FE11AB37705716EBEF732B78A80869E3B94AF55260F224565F9D8AB1D0DF38C5408760

Uniqueness

Uniqueness Score: -1.00%

Function 01012975 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 01012981

Part of subcall function 01012BDB: __getptd_noexit.LIBCMT ref: 01012BDE
Part of subcall function 01012BDB: __amsg_exit.LIBCMT ref: 01012BEB

__getptd.LIBCMT ref: 01012998
__amsg_exit.LIBCMT ref: 010129A6
__lock.LIBCMT ref: 010129B6
__updatetlocinfoEx_nolock.LIBCMT ref: 010129CA

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 47fb9fe349c251467b69d0d4dc3e0c2cb512cd031f244381ec13ee9ca8e31f0e
Instruction ID: 32009b8a26d9eb4ba7a87339eaa4cb58395786a97e69d2931168cbe3f282e1fb
Opcode Fuzzy Hash: 47fb9fe349c251467b69d0d4dc3e0c2cb512cd031f244381ec13ee9ca8e31f0e
Instruction Fuzzy Hash: 1FF090329007169BE771BB7C9481BDD77A1AF10764F30415DD1D0AB1D8CB2C49819B56

Uniqueness

Uniqueness Score: -1.00%

Function 01022BBD Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 01022BF1
__isleadbyte_l.LIBCMT ref: 01022C24
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?,?,?), ref: 01022C55
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?,?,?), ref: 01022CC3

Memory Dump Source

Source File: 00000000.00000002.647153767.0000000000B86000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.647098482.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647119035.0000000000B81000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.647141042.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.650566626.0000000001098000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654056163.00000000014B7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654558494.000000000155B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654616835.0000000001560000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654662875.0000000001564000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654681193.0000000001565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654911919.00000000015C7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.654951535.00000000015C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.657694907.0000000001951000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_Microsoft.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 524e5ec18b98a5142d8eec564738d396f1d62388d6ddb8c03da5294aed446b2f
Instruction ID: d9241b44ae1f9ca61244d777881f4c1f0a42f634575c3b576c37d675e4129f68
Opcode Fuzzy Hash: 524e5ec18b98a5142d8eec564738d396f1d62388d6ddb8c03da5294aed446b2f
Instruction Fuzzy Hash: 8C31A031A0426AEFEB22DFE8C8809FD3FE5BF01310F1585A9E5A58B191D730D940DB51

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Microsoft.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\AnyDesk\service.conf

C:\Users\user\AppData\Roaming\AnyDesk\system.conf

C:\Users\user\AppData\Roaming\AnyDesk\user.conf

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms (copy)

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DWUEE31AMENZCJEVPQCJ.temp

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Packets

Statistics

CPU Usage

Windows Analysis Report
Microsoft.exe