Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76431Content-Type: multipart/form-data; boundary=--------3259937207User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76426Content-Type: multipart/form-data; boundary=--------974736809User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 81223Content-Type: multipart/form-data; boundary=--------1733772180User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 81262Content-Type: multipart/form-data; boundary=--------3571177622User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 81298Content-Type: multipart/form-data; boundary=--------3135628383User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 83326Content-Type: multipart/form-data; boundary=--------2112300367User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 83305Content-Type: multipart/form-data; boundary=--------1747900146User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 83526Content-Type: multipart/form-data; boundary=--------4043093276User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 81257Content-Type: multipart/form-data; boundary=--------4228739266User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 81331Content-Type: multipart/form-data; boundary=--------3803026718User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 81307Content-Type: multipart/form-data; boundary=--------2963325791User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 85135Content-Type: multipart/form-data; boundary=--------2571491142User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 82926Content-Type: multipart/form-data; boundary=--------3335732562User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 83052Content-Type: multipart/form-data; boundary=--------1291895716User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76682Content-Type: multipart/form-data; boundary=--------1315708494User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76660Content-Type: multipart/form-data; boundary=--------3047557173User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76627Content-Type: multipart/form-data; boundary=--------3142017803User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76637Content-Type: multipart/form-data; boundary=--------2197444700User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76633Content-Type: multipart/form-data; boundary=--------327613734User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76617Content-Type: multipart/form-data; boundary=--------3156620313User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76640Content-Type: multipart/form-data; boundary=--------2353964795User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76644Content-Type: multipart/form-data; boundary=--------2524520363User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76647Content-Type: multipart/form-data; boundary=--------776738021User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76598Content-Type: multipart/form-data; boundary=--------1255899435User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76639Content-Type: multipart/form-data; boundary=--------3577760510User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76833Content-Type: multipart/form-data; boundary=--------4017631281User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76635Content-Type: multipart/form-data; boundary=--------3576073818User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76584Content-Type: multipart/form-data; boundary=--------2060090614User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76670Content-Type: multipart/form-data; boundary=--------1263745405User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76644Content-Type: multipart/form-data; boundary=--------3327901999User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76640Content-Type: multipart/form-data; boundary=--------1002864139User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76582Content-Type: multipart/form-data; boundary=--------795614568User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76736Content-Type: multipart/form-data; boundary=--------572333967User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76592Content-Type: multipart/form-data; boundary=--------3756762824User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76612Content-Type: multipart/form-data; boundary=--------4010773262User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76597Content-Type: multipart/form-data; boundary=--------1730318477User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76649Content-Type: multipart/form-data; boundary=--------2667398164User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76622Content-Type: multipart/form-data; boundary=--------2156489369User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76630Content-Type: multipart/form-data; boundary=--------271647860User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76597Content-Type: multipart/form-data; boundary=--------2981659231User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76646Content-Type: multipart/form-data; boundary=--------3817058548User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76655Content-Type: multipart/form-data; boundary=--------1585944860User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76672Content-Type: multipart/form-data; boundary=--------1049848244User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76598Content-Type: multipart/form-data; boundary=--------3157952906User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=37826655&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /dout.aspx?s=40082849&p=10000001&client=DynGate&data=FyQSawCjHqkys5MkoZ6aGJqbGZocGBMkoh6YEyagoZ6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyakoh6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyepnqu0txmXGJiTKx6YmpcYFxscG5AoqQ== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /din.aspx?s=40082849&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /dout.aspx?s=40082859&p=10000001&client=DynGate&data=FyQS7wAjHqmyuig6sTY0saWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAABSAAApKaCYgAIAAAiAAABb76jy6JCEtP10hWwK5JgAShY7zj+R7R3DOU3+0YZJRajqI5wj4APqnpqJTTfow2rFHUX7lb5rKPxXbMNzymnW3afsLjONOJOSFwYGgTrjCxDXlTyXTROrLUrNxoJ5e0wRdRUaIY3bkkZHP/DCc/GC84acwVg91URMKSdn0IIfWg== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /din.aspx?s=40082859&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /dout.aspx?s=40082864&p=10000001&client=DynGate&data=FyQS8gCjHqmyuim0s7cwujq5MqWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAAASAAApKaCYgAIAAAiAAAB7ySFOURDklGN3FXhtz5fQYcmcXiwT9YXrd7SP4wIu0YyOFYq9yPUEQYpaG7+wnhbl5r+tU8j1VcHRkBZSOJG/A0Y7yY1YSgbi8gOUCGFRO/w26w+YKCZHaxwju7In6AFwX2azSetPIMUWj5HFTKPx6LGZM3a+27DQaxFWt7lD4A== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /din.aspx?s=40082864&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /dout.aspx?s=40082873&p=10000001&client=DynGate&data=FyQS6QChtjSytzoeqisoqZMjHqY3s7S3EyOrnpgTI6umMrsyth6aGBgTJDSyMqe3NjS3Mqm6MLo6uZ6YEyQqKignqqoemRMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJbKyuDC2NLsynpiTJjC3M7qws7KetTCTJjSxsrc5sqo8uDKemBMmpKIemDwysbMaMTEYszGanBsvmJucGBqbmBkbG5MnN6ezILG6NLsypbKyuDC2NLsynpgTKTq3OjS2sp6ckym6uDg3uToysiMysLo6uTK5npiTKiGoJ6qqHpgTKx6YmpcYFxscG5AoqQ== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /din.aspx?s=40082873&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Connection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /dout.aspx?s=12418339&p=10000001&client=DynGate HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Content-Length: 3Connection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /dout.aspx?s=12418339&p=10000002&client=DynGate HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Content-Length: 500000Connection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /din.aspx?s=12418339&m=fast&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Connection: Keep-AliveCache-Control: no-cache |
Source: UniPrint.exe, 00000004.00000003.297421541.0000000000AD4000.00000004.00000001.sdmp |
String found in binary or memory: http://188.172.198.151/ |
Source: UniPrint.exe, 00000004.00000003.297514251.00000000057D6000.00000004.00000001.sdmp |
String found in binary or memory: http://188.172.198.151/client=DynGate&rnd=78504903&p=10000001 |
Source: UniPrint.exe, 00000004.00000003.297421541.0000000000AD4000.00000004.00000001.sdmp |
String found in binary or memory: http://188.172.198.151/din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001 |
Source: UniPrint.exe, 00000004.00000003.297421541.0000000000AD4000.00000004.00000001.sdmp |
String found in binary or memory: http://188.172.198.151/din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=100000012 |
Source: UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmp |
String found in binary or memory: http://188.172.198.151/din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001N& |
Source: UniPrint.exe, 00000004.00000003.298188774.00000000057A7000.00000004.00000001.sdmp |
String found in binary or memory: http://188.172.198.151/din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001v |
Source: UniPrint.exe, 00000004.00000002.537928524.0000000003B1C000.00000004.00000001.sdmp |
String found in binary or memory: http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=1000 |
Source: UniPrint.exe, 00000004.00000003.432909141.00000000057F0000.00000004.00000001.sdmp |
String found in binary or memory: http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=10000002 |
Source: UniPrint.exe, 00000004.00000003.432909141.00000000057F0000.00000004.00000001.sdmp |
String found in binary or memory: http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=10000002l |
Source: UniPrint.exe, 00000004.00000003.297514251.00000000057D6000.00000004.00000001.sdmp |
String found in binary or memory: http://188.172.198.151/dout.aspx?s=12418339&p=10000001&client=DynGate |
Source: UniPrint.exe, 00000004.00000002.537928524.0000000003B1C000.00000004.00000001.sdmp |
String found in binary or memory: http://188.172.198.151/dout.aspx?s=12418339&p=10000002&client |
Source: UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.298188774.00000000057A7000.00000004.00000001.sdmp |
String found in binary or memory: http://188.172.198.151/dout.aspx?s=12418339&p=10000002&client=DynGate |
Source: UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmp |
String found in binary or memory: http://188.172.198.151/dout.aspx?s=12418339&p=10000002&client=DynGated |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: svchost.exe, 00000003.00000002.545837085.0000024FB0060000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s |
Source: svchost.exe, 00000003.00000002.538052811.0000024FB000E000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.ver) |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp |
String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://go.teamviewer.comn0 |
Source: UniPrint.exe, 00000004.00000003.297421541.0000000000AD4000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.295831421.00000000057A6000.00000004.00000001.sdmp |
String found in binary or memory: http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=37826655&p=10000001 |
Source: UniPrint.exe, 00000004.00000003.295831421.00000000057A6000.00000004.00000001.sdmp |
String found in binary or memory: http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=37826655&p=10000001ayTo-UPnP-E |
Source: UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmp |
String found in binary or memory: http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=37826655&p=10000001q |
Source: UniPrint.exe, 00000004.00000003.297421541.0000000000AD4000.00000004.00000001.sdmp |
String found in binary or memory: http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 |
Source: UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmp |
String found in binary or memory: http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001&% |
Source: UniPrint.exe, 00000004.00000003.298188774.00000000057A7000.00000004.00000001.sdmp |
String found in binary or memory: http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001ZqcGy |
Source: UniPrint.exe, 00000004.00000003.297514251.00000000057D6000.00000004.00000001.sdmp |
String found in binary or memory: http://master12.teamviewer.com/din.aspx?s=40082859&client=DynGate&p=10000002 |
Source: UniPrint.exe, 00000004.00000003.297514251.00000000057D6000.00000004.00000001.sdmp |
String found in binary or memory: http://master12.teamviewer.com/din.aspx?s=40082864&client=DynGate&p=10000002er12.teamviewer.com |
Source: UniPrint.exe, 00000004.00000003.297514251.00000000057D6000.00000004.00000001.sdmp |
String found in binary or memory: http://master12.teamviewer.com/din.aspx?s=40082873&client=DynGate&p=10000002W |
Source: UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmp |
String found in binary or memory: http://master12.teamviewer.com/dout.aspx?s=40082849&p=10000001&client=DynGate&data=FyQSawCjHqkys5Mko |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: http://master12.teamviewer.com/dout.aspx?s=40082859&p=10000001&client=DynGate&data=FyQS7wAjHqmyuig6s |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: http://master12.teamviewer.com/dout.aspx?s=40082864&p=10000001&client=DynGate&data=FyQS8gCjHqmyuim0s |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: http://master12.teamviewer.com/dout.aspx?s=40082873&p=10000001&client=DynGate&data=FyQS6QChtjSytzoeq |
Source: UniPrint.exe, 00000004.00000002.537928524.0000000003B1C000.00000004.00000001.sdmp |
String found in binary or memory: http://mastr12.teamviewer.com/din.aspx?s=0000000&client=DynGate&rnd=7 |
Source: UniPrint.exe, 00000004.00000002.537928524.0000000003B1C000.00000004.00000001.sdmp |
String found in binary or memory: http://mastr12.teamviewer.com/din.aspx?s=4082873&client=DynGate&p=100 |
Source: wogZe27GBB.exe, wogZe27GBB.exe, 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp |
String found in binary or memory: http://nsis.sf.net/NSIS_Error |
Source: wogZe27GBB.exe, 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.sectigo.com0 |
Source: UniPrint.exe, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmp |
String found in binary or memory: http://www.TeamViewer.com |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://www.TeamViewer.com#http://www.TeamViewer.com/licensing |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://www.TeamViewer.com/download |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://www.TeamViewer.com/help |
Source: svchost.exe, 0000000B.00000002.317142598.000001BF60613000.00000004.00000001.sdmp |
String found in binary or memory: http://www.bingmapsportal.com |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000002.00000002.294871479.0000000002870000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.349624220.0000000002830000.00000004.00000001.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000003.344077474.00000000028E1000.00000004.00000001.sdmp, UniPrint.exe, 00000012.00000002.372091300.0000000002860000.00000004.00000001.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000003.370863061.0000000002831000.00000004.00000001.sdmp |
String found in binary or memory: http://www.teamviewer.com |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.290939272.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmp |
String found in binary or memory: http://www.teamviewer.com/CConnectionHistoryManager::createMessageString(): |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://www.teamviewer.com/company/index.aspx |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://www.teamviewer.com/download/beta.aspx |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://www.teamviewer.com/download/version_4x/TeamViewerQS.exe |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://www.teamviewer.com/download/version_5x/TeamViewerQS.exe |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.533082315.00000000028DE000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://www.teamviewer.com/favicon.ico |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://www.teamviewer.com/help/connectivity.aspx: |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://www.teamviewer.com/help/support.aspxK |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://www.teamviewer.com/ja/company/shutdown.aspx |
Source: UniPrint.exe, 00000004.00000002.531799578.00000000027A0000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000002.533082315.00000000028DE000.00000004.00000001.sdmp |
String found in binary or memory: http://www.teamviewer.com/ja/company/shutdown.aspx?version= |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://www.teamviewer.com/ja/integrated/trial.aspx?ID=%1%&IC=%2% |
Source: UniPrint.exe, 00000004.00000002.531799578.00000000027A0000.00000004.00000001.sdmp |
String found in binary or memory: http://www.teamviewer.com/ja/licensing/commercialuse.aspx |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://www.teamviewer.com/licensing/commercialuse.aspx |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: http://www.teamviewer.com/licensing/register.aspx&http://www.teamviewer.com/r$$id$$.aspx7http://www. |
Source: svchost.exe, 00000009.00000002.512367598.0000026C67243000.00000004.00000001.sdmp |
String found in binary or memory: https://%s.dnet.xboxlive.com |
Source: svchost.exe, 00000009.00000002.512367598.0000026C67243000.00000004.00000001.sdmp |
String found in binary or memory: https://%s.xboxlive.com |
Source: svchost.exe, 00000009.00000002.512367598.0000026C67243000.00000004.00000001.sdmp |
String found in binary or memory: https://activity.windows.com |
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmp |
String found in binary or memory: https://appexmapsappupdate.blob.core.windows.net |
Source: svchost.exe, 00000009.00000002.512367598.0000026C67243000.00000004.00000001.sdmp |
String found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device |
Source: svchost.exe, 00000009.00000002.512367598.0000026C67243000.00000004.00000001.sdmp |
String found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device |
Source: svchost.exe, 0000000B.00000003.316757092.000001BF6065A000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/ |
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/ |
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations |
Source: svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/ |
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.ditu.live.com/REST/v1/Traffic/Incidents/ |
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx |
Source: svchost.exe, 0000000B.00000002.317241636.000001BF6064E000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v= |
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/ |
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations |
Source: svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/ |
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving |
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit |
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking |
Source: svchost.exe, 0000000B.00000003.316808390.000001BF60641000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/ |
Source: svchost.exe, 0000000B.00000003.316808390.000001BF60641000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n= |
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx |
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmp |
String found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log? |
Source: svchost.exe, 0000000B.00000003.316757092.000001BF6065A000.00000004.00000001.sdmp |
String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r= |
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmp |
String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r= |
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmp |
String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r= |
Source: svchost.exe, 0000000B.00000003.316700720.000001BF60664000.00000004.00000001.sdmp, svchost.exe, 0000000B.00000003.316757092.000001BF6065A000.00000004.00000001.sdmp |
String found in binary or memory: https://dynamic.t |
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmp |
String found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx |
Source: svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmp |
String found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/ |
Source: svchost.exe, 0000000B.00000003.295010254.000001BF60631000.00000004.00000001.sdmp |
String found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v= |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmp |
String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx |
Source: svchost.exe, 0000000B.00000002.317142598.000001BF60613000.00000004.00000001.sdmp, svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmp |
String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r= |
Source: svchost.exe, 0000000B.00000003.295010254.000001BF60631000.00000004.00000001.sdmp |
String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r= |
Source: svchost.exe, 0000000B.00000003.316800598.000001BF60645000.00000004.00000001.sdmp |
String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r= |
Source: svchost.exe, 0000000B.00000003.316785328.000001BF60640000.00000004.00000001.sdmp |
String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r= |
Source: svchost.exe, 0000000B.00000003.295010254.000001BF60631000.00000004.00000001.sdmp |
String found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen |
Source: svchost.exe, 0000000B.00000002.317241636.000001BF6064E000.00000004.00000001.sdmp |
String found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.316322889.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.460571183.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/ |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/-resource://Microsoft.Microsoft3DViewer4 |
Source: UniPrint.exe, 00000004.00000003.412925406.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/0p |
Source: UniPrint.exe, 00000004.00000003.478775345.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/0pp |
Source: UniPrint.exe, 00000004.00000003.325324514.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/1 |
Source: UniPrint.exe, 00000004.00000003.303052348.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/2i |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/3DViewer_2.1803.8022.0_x64_ |
Source: UniPrint.exe, 00000004.00000003.316322889.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/64__8wekyb3d8bbwe?ms-resource://Microso |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/8C631A8/ |
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/8C631A8/.Microsoft3DViewer4 |
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/8C631A8/9 |
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/8C631A8/al_cw5n1h2txyewy?m0 |
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/8C631A8/e |
Source: UniPrint.exe, 00000004.00000002.545681944.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/8C631A8/esources/StoreAppN |
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/8C631A8/ources/DisplayNamev |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/8C631A8/resource://Microso |
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/9 |
Source: UniPrint.exe, 00000004.00000003.489357888.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/= |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.441746843.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.438725277.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/ |
Source: UniPrint.exe, 00000004.00000003.489357888.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/.Microsoft3DViewer4 |
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/2.1803.8022.0_x64_ |
Source: UniPrint.exe, 00000004.00000003.308537365.00000000057A7000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/8 |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/9 |
Source: UniPrint.exe, 00000004.00000003.418618637.00000000057A7000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/B |
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/E |
Source: UniPrint.exe, 00000004.00000003.471440438.00000000057A7000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/L |
Source: UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/R |
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/ackageDisplayName |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/al_cw5n1h2txyewy?m0 |
Source: UniPrint.exe, 00000004.00000003.379200176.00000000057A7000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/d.info/B8C631A8/ |
Source: UniPrint.exe, 00000004.00000003.451977098.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/e |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/esources/StoreAppN |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/leUI/resources/Pkg |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/lopmentPropertiesh |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/lopmentPropertiesl |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/ources/DisplayNamev |
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/pName |
Source: UniPrint.exe, 00000004.00000003.332650410.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/resource://Microso |
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/soft.Microsoft3DVi |
Source: UniPrint.exe, 00000004.00000003.348911861.00000000057A7000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/t |
Source: UniPrint.exe, 00000004.00000003.316322889.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/B8C631A8/wer_2.1803.8022.0_l |
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/Q |
Source: UniPrint.exe, 00000004.00000003.441746843.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/Wp |
Source: UniPrint.exe, 00000004.00000003.451977098.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/a |
Source: UniPrint.exe, 00000004.00000003.415242974.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/ameCallableUI/resources/Pkg |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.466393951.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/ |
Source: UniPrint.exe, 00000004.00000003.446837962.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/3DViewer_2.1803.8022.0_x64_ |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/8C631A8/ |
Source: UniPrint.exe, 00000004.00000003.489357888.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/8C631A8/9 |
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/8C631A8/resource://Microso |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.424436468.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/B8C631A8/ |
Source: UniPrint.exe, 00000004.00000003.481410319.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/B8C631A8/9 |
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/B8C631A8/leUI/resources/Pkg |
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/B8C631A8/lopmentPropertiesh |
Source: UniPrint.exe, 00000004.00000003.415242974.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/B8C631A8/ources/DisplayNamev |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/B8C631A8/soft.Microsoft3DVi |
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/ameCallableUI/resources/Pkg |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/ervice |
Source: UniPrint.exe, 00000004.00000003.451977098.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/s/StoreAppName |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/tral_neutral_cw5n1h2txyewy? |
Source: UniPrint.exe, 00000004.00000003.323291752.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/apsed.info/vider/Resources/DisplayNamev |
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/ervice |
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/ft.Microsoft3DViewer_2.1803.8022.0_x64_ |
Source: UniPrint.exe, 00000004.00000003.481410319.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/i |
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/iew.UWP/Resources/StoreAppN |
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/s/StoreAppName |
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/tral_neutral_cw5n1h2txyewy? |
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/vider/Resources/DisplayNamev |
Source: UniPrint.exe, 00000004.00000003.303052348.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/xIdentityProvider/Resources/DisplayNamev |
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmp |
String found in binary or memory: https://widolapsed.info/~ |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: UniPrint.exe, 00000004.00000002.531799578.00000000027A0000.00000004.00000001.sdmp |
String found in binary or memory: https://www.teamviewer.com/buy-now/?utm_medium=masterads&utm_source=master-commercial-use&utm_campai |
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp |
String found in binary or memory: https://www.teamviewer.com/licensing/order.aspx?lng=ja |
Source: C:\Users\user\Desktop\wogZe27GBB.exe |
Code function: 0_2_00401000 NtdllDefWindowProc_A,BeginPaint,GetClientRect,DeleteObject,CreateBrushIndirect,FillRect,DeleteObject,CreateFontIndirectA,SetBkMode,SetTextColor,SelectObject,SelectObject,DrawTextA,SelectObject,DeleteObject,EndPaint, |
0_2_00401000 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_70988AF0 EntryPoint,DisableThreadLibraryCalls,GetModuleHandleW,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryW,ExitProcess,PathAddBackslashW,PathAddBackslashW,GetProcessHeap,HeapAlloc,GetModuleFileNameW,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecW,PathAddBackslashW,SetCurrentDirectoryW,SHGetSpecialFolderPathW,PathAddBackslashW,StrChrW,lstrcatW,GetFileAttributesW,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameW,PathFindFileNameW,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetUserNameW,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,lstrlenW,GetCommandLineW,CommandLineToArgvW,CharLowerW,StrToIntW,LocalFree,RtlZeroMemory,GetPrivateProfileIntW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,StrChrW,StrChrW,wsprintfW,wsprintfW,LoadLibraryW,ExitProcess,StrChrW,wsprintfW,LoadLibraryW,FindWindowW,FindWindowW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,StrChrW,wsprintfW,GetProcessHeap,HeapFree,LoadLibraryW,StrChrW,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle, |
2_2_70988AF0 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_7098B420 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree, |
2_2_7098B420 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_709889F0 NtQuerySystemInformation,StrChrW,RtlZeroMemory,NtQueryVirtualMemory,RtlCompareMemory,StrChrW,NtWriteVirtualMemory,NtFlushInstructionCache, |
2_2_709889F0 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_7098B5F0 NtResumeThread,NtClose,HeapFree, |
2_2_7098B5F0 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_7098B340 NtGetContextThread,NtSetContextThread, |
2_2_7098B340 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_7098B570 NtSuspendThread,NtClose, |
2_2_7098B570 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_7098B160 NtProtectVirtualMemory, |
2_2_7098B160 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_70981C90 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory, |
2_2_70981C90 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_70981A80 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,GetProcessHeap,HeapFree, |
2_2_70981A80 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_7098A880 NtQueryVirtualMemory, |
2_2_7098A880 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_7098B0B9 NtProtectVirtualMemory, |
2_2_7098B0B9 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_709826E0 RtlZeroMemory,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,RtlMoveMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose, |
2_2_709826E0 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_70985220 RtlZeroMemory,RtlZeroMemory,CreateProcessW,WaitForSingleObject,GetExitCodeProcess,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle, |
2_2_70985220 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_7098B650 RtlMoveMemory,NtFlushInstructionCache, |
2_2_7098B650 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_70987240 RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageW,StrChrW,KillTimer,RtlZeroMemory,StrChrW,wsprintfW,StrChrW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrChrA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntW,StrChrW,wsprintfW,WritePrivateProfileStringW,SetEvent,SetTimer,StrChrW,DispatchMessageW,GetMessageW,KillTimer,VirtualFree, |
2_2_70987240 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_70982440 LoadLibraryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetCommandLineW,CommandLineToArgvW,lstrcmpiW,lstrcmpiW,StrRChrW,StrChrW,wsprintfW,OpenEventW,CreateEventW,RtlZeroMemory,CreateThread,NtTerminateThread,CloseHandle,VirtualFree,CloseHandle,CloseHandle,LocalFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,ExitProcess, |
2_2_70982440 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_7098B1A0 NtOpenThread, |
2_2_7098B1A0 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_70982FF0 CreatePipe,RtlZeroMemory,RtlZeroMemory,CreateProcessW,CloseHandle,CloseHandle,GetProcessHeap,HeapAlloc,GetTickCount,ReadFile,MultiByteToWideChar,GetProcessHeap,HeapAlloc,MultiByteToWideChar,WideCharToMultiByte,GetProcessHeap,HeapAlloc,WideCharToMultiByte,GetProcessHeap,HeapFree,GetTickCount,ReadFile,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapFree,NtTerminateProcess,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,CloseHandle,CloseHandle, |
2_2_70982FF0 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_709827F0 GetFileAttributesW,GetProcessHeap,GetProcessHeap,HeapAlloc,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RtlZeroMemory,RtlZeroMemory,CreateProcessW,NtGetContextThread,NtSetContextThread,NtResumeThread,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,GetProcessHeap,HeapFree, |
2_2_709827F0 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_70987D00 PostThreadMessageW,WaitForSingleObject,NtTerminateThread,CloseHandle,PostQuitMessage,PostMessageW,CreateThread,CallWindowProcW, |
2_2_70987D00 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_70981570 NtAllocateVirtualMemory,NtAllocateVirtualMemory, |
2_2_70981570 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 2_2_70981960 NtProtectVirtualMemory, |
2_2_70981960 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_709889F0 NtQuerySystemInformation,StrChrW,RtlZeroMemory,NtQueryVirtualMemory,RtlCompareMemory,StrChrW,NtWriteVirtualMemory,NtFlushInstructionCache, |
4_2_709889F0 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_7098B160 NtProtectVirtualMemory, |
4_2_7098B160 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_70988AF0 EntryPoint,DisableThreadLibraryCalls,GetModuleHandleW,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryW,ExitProcess,PathAddBackslashW,PathAddBackslashW,GetProcessHeap,HeapAlloc,GetModuleFileNameW,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecW,PathAddBackslashW,SetCurrentDirectoryW,SHGetSpecialFolderPathW,PathAddBackslashW,StrChrW,lstrcatW,GetFileAttributesW,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameW,PathFindFileNameW,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetUserNameW,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,lstrlenW,GetCommandLineW,CommandLineToArgvW,CharLowerW,StrToIntW,LocalFree,RtlZeroMemory,GetPrivateProfileIntW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,StrChrW,StrChrW,wsprintfW,wsprintfW,LoadLibraryW,ExitProcess,StrChrW,wsprintfW,LoadLibraryW,FindWindowW,FindWindowW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,StrChrW,wsprintfW,GetProcessHeap,HeapFree,LoadLibraryW,StrChrW,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle, |
4_2_70988AF0 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_70987240 RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageW,StrChrW,KillTimer,RtlZeroMemory,StrChrW,wsprintfW,StrChrW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrChrA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntW,StrChrW,wsprintfW,WritePrivateProfileStringW,SetEvent,SetTimer,StrChrW,DispatchMessageW,GetMessageW,KillTimer,VirtualFree, |
4_2_70987240 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_7098B340 NtGetContextThread,NtSetContextThread, |
4_2_7098B340 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_7098B420 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree, |
4_2_7098B420 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_7098B5F0 NtResumeThread,NtClose,HeapFree, |
4_2_7098B5F0 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_70987D00 PostThreadMessageW,WaitForSingleObject,NtTerminateThread,CloseHandle,PostQuitMessage,PostMessageW,CreateThread,CallWindowProcW, |
4_2_70987D00 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_7098B570 NtSuspendThread,NtClose, |
4_2_7098B570 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_7098A880 NtQueryVirtualMemory, |
4_2_7098A880 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_7098B0B9 NtProtectVirtualMemory, |
4_2_7098B0B9 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_7098B1A0 NtOpenThread, |
4_2_7098B1A0 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_70981960 NtProtectVirtualMemory, |
4_2_70981960 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_70981A80 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,GetProcessHeap,HeapFree, |
4_2_70981A80 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_70985220 RtlZeroMemory,RtlZeroMemory,CreateProcessW,WaitForSingleObject,GetExitCodeProcess,NtTerminateProcess,StrChrW,CloseHandle,CloseHandle,CloseHandle, |
4_2_70985220 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_70981C90 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory, |
4_2_70981C90 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_70982440 LoadLibraryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetCommandLineW,CommandLineToArgvW,lstrcmpiW,lstrcmpiW,StrRChrW,StrChrW,wsprintfW,OpenEventW,CreateEventW,RtlZeroMemory,CreateThread,NtTerminateThread,CloseHandle,VirtualFree,CloseHandle,CloseHandle,LocalFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,ExitProcess, |
4_2_70982440 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_70981570 NtAllocateVirtualMemory,NtAllocateVirtualMemory, |
4_2_70981570 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_709826E0 StrChrW,RtlZeroMemory,NtCreateSection,StrChrW,NtMapViewOfSection,NtMapViewOfSection,RtlMoveMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,StrChrW,NtClose, |
4_2_709826E0 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_7098B650 RtlMoveMemory,NtFlushInstructionCache, |
4_2_7098B650 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_709827F0 GetFileAttributesW,StrChrW,GetProcessHeap,GetProcessHeap,HeapAlloc,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RtlZeroMemory,RtlZeroMemory,CreateProcessW,NtGetContextThread,NtSetContextThread,NtResumeThread,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,GetProcessHeap,HeapFree, |
4_2_709827F0 |
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe |
Code function: 4_2_70982FF0 CreatePipe,RtlZeroMemory,RtlZeroMemory,CreateProcessW,CloseHandle,CloseHandle,GetProcessHeap,HeapAlloc,GetTickCount,ReadFile,MultiByteToWideChar,GetProcessHeap,HeapAlloc,MultiByteToWideChar,WideCharToMultiByte,GetProcessHeap,HeapAlloc,WideCharToMultiByte,GetProcessHeap,HeapFree,GetTickCount,ReadFile,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapFree,NtTerminateProcess,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,CloseHandle,CloseHandle, |
4_2_70982FF0 |