Windows Analysis Report 77Etc0bR2v.bin

Overview

General Information

Sample Name: 77Etc0bR2v.bin (renamed file extension from bin to exe)
Analysis ID: 483795
MD5: e71e3b995477081569ed357e4d403666
SHA1: 809c4cc4ae51fcf3eca24e7d7fa5c1b6b5db52ce
SHA256: 94b9abbe10bd9d6abcb8dce27814992bf7a09ed416c66998bd3496bda1490713
Tags:exeHartexLLCsignedsoldewornek
Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 17
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Multi AV Scanner detection for dropped file
Tries to detect sandboxes and other dynamic analysis tools (window names)
Changes security center settings (notifications, updates, antivirus, firewall)
Creates processes via WMI
DLL side loading technique detected
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Contains functionality to detect sleep reduction / modifications
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Contains functionality to execute programs as a different user
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
EXE planting / hijacking vulnerabilities found
AV process strings found (often used to terminate AV products)
PE file does not import any functions
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates or modifies windows services
Queries disk information (often used to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
May check if the current machine is a sandbox (GetTickCount - Sleep)
Contains functionality to delete services
Contains functionality to query network adapter information
Creates a process in suspended mode (likely to inject code)
Contains functionality to read data from the clipboard

Process Tree

  • System is w10x64
  • 77Etc0bR2v.exe (PID: 5292 cmdline: 'C:\Users\user\Desktop\77Etc0bR2v.exe' MD5: E71E3B995477081569ED357E4D403666)
    • TeamViewer.exe (PID: 2512 cmdline: 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 5568 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • TeamViewer.exe (PID: 1264 cmdline: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 2176 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5316 cmdline: c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'teamviewer.exe' -s USBManager MD5: FA6C268A5B5BDA067A901764D203D433)
  • svchost.exe (PID: 3900 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3488 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 1112 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 1972 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • SgrmBroker.exe (PID: 2144 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
  • svchost.exe (PID: 1412 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • MpCmdRun.exe (PID: 6148 cmdline: 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 4012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • svchost.exe (PID: 6408 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • TeamViewer.exe (PID: 6452 cmdline: 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • TeamViewer.exe (PID: 6572 cmdline: 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • TeamViewer.exe (PID: 6592 cmdline: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • TeamViewer.exe (PID: 6656 cmdline: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 6676 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: 77Etc0bR2v.exe Virustotal: Detection: 37%
Source: 77Etc0bR2v.exe ReversingLabs: Detection: 37%
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\TeamViewer\TV.dll ReversingLabs: Detection: 26%
Source: 1.2.77Etc0bR2v.exe.400000.0.unpack Avira: Label: TR/Crypt.ZPACK.Gen2
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 6_2_0049B32E __EH_prolog3,CryptGenRandom,__CxxThrowException@8,6_2_0049B32E
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 6_2_0049B4A0 __EH_prolog3_catch,CryptAcquireContextA,__CxxThrowException@8,6_2_0049B4A0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 6_2_006F605B CryptReleaseContext,6_2_006F605B

Compliance:

Uses 32bit PE files
Source: 77Etc0bR2v.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\77Etc0bR2v.exe EXE: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
DLL planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: SAMCLI.DLL
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: WINMM.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: Secur32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: SHFolder.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe DLL: VERSION.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: version.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: userenv.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: WININET.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: Cabinet.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: MSVFW32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: CRYPTSP.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: AVICAP32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: WSOCK32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: uxtheme.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe DLL: C:\Users\user\AppData\Roaming\TeamViewer\TV.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe DLL: edputil.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe DLL: C:\Users\user\AppData\Roaming\TeamViewer\Teamviewer_Resource_ja.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: iertutil.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe DLL: urlmon.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe DLL: SHFOLDER.DLL
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: WINMMBASE.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: NETUTILS.DLL
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: SRVCLI.DLL
Source: C:\Users\user\Desktop\77Etc0bR2v.exe DLL: CLDAPI.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: winsta.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: SensApi.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe DLL: msimg32.dll
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 172.67.205.33:443 -> 192.168.2.5:49752 version: TLS 1.2
PE / OLE file has a valid certificate
Source: 77Etc0bR2v.exe Static PE information: certificate valid
Binary contains paths to debug symbols
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdb source: 77Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000000.248354539.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000006.00000002.524713839.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000011.00000002.336944696.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000012.00000002.348837191.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000013.00000002.342853199.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000014.00000000.345802287.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdbPS source: 77Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000000.248354539.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000006.00000002.524713839.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000011.00000002.336944696.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000012.00000002.348837191.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000013.00000002.342853199.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000014.00000000.345802287.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb source: 77Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000002.268193262.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000006.00000002.536045317.000000006EAFD000.00000002.00020000.sdmp, svchost.exe, 00000008.00000002.514763598.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000011.00000002.341816195.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000012.00000002.362277725.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000013.00000002.345987825.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000014.00000002.367975860.000000006EAFD000.00000002.00020000.sdmp
Source: C:\Users\user\Desktop\77Etc0bR2v.exe Code function: 1_2_00405E61 FindFirstFileA,FindClose,1_2_00405E61
Source: C:\Users\user\Desktop\77Etc0bR2v.exe Code function: 1_2_0040263E FindFirstFileA,1_2_0040263E
Source: C:\Users\user\Desktop\77Etc0bR2v.exe Code function: 1_2_0040548B CloseHandle,DeleteFileA,lstrcat,lstrcat,lstrlen,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_0040548B
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 3_2_6EAF28B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,3_2_6EAF28B0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 3_2_6EAF2DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,3_2_6EAF2DF0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 6_2_004BF3A9 __EH_prolog3,GetVolumeInformationW,FindFirstFileW,FindClose,FindFirstFileW,FindClose,GetVolumeInformationW,6_2_004BF3A9
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 6_2_0050331C __EH_prolog3_catch,FindFirstFileW,GetLastError,__CxxThrowException@8,FindClose,6_2_0050331C
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 6_2_6EAF2DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,6_2_6EAF2DF0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 6_2_6EAF28B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,6_2_6EAF28B0
Source: C:\Windows\SysWOW64\svchost.exe Code function: 8_2_6EAF28B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,8_2_6EAF28B0
Source: C:\Windows\SysWOW64\svchost.exe Code function: 8_2_6EAF2DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,8_2_6EAF2DF0
Source: global traffic HTTP traffic detected: POST /B8C631A8/ HTTP/1.1 Content-Length: 85134 Content-Type: multipart/form-data; boundary=--------3509900953 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: outnegorave.info Connection: Close Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=10241550&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master15.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /din.aspx?s=39260701&client=DynGate&p=10000002 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master15.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=7666614&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 178.255.154.140Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /dout.aspx?s=12652280&p=10000001&client=DynGate HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 178.255.154.140Content-Length: 3Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /dout.aspx?s=12652280&p=10000002&client=DynGate HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 178.255.154.140Content-Length: 500000Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=12652280&m=fast&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 178.255.154.140Connection: Keep-AliveCache-Control: no-cache
Source: unknown | TCP traffic detected without corresponding DNS query: 178.255.154.140