Windows Analysis Report
9uWGaRcOv8.exe

Overview

General Information

Sample name: 9uWGaRcOv8.exe
Analysis ID: 1626837
MD5: 99f551d75bf6a5f0ee99bceb78093f84
SHA1: c2f253a1ec4e5e9c355c2783ea073f6a40fce335
SHA256: 782cbe7f5999e817a6e3b4cf87a30bf31b9fb0fd8ce4552c6f4edd7f89eef2ca
Tags: exe, Socks5Systemz, user-aachum

Detection

Socks5Systemz
Score: 84
Range: 0 - 100
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for submitted file
Yara detected Socks5Systemz
Contains functionality to infect the boot sector
Joe Sandbox ML detected suspicious sample
PE file has a writeable .text section
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 9uWGaRcOv8.exe (PID: 1896 cmdline: "C:\Users\user\Desktop\9uWGaRcOv8.exe" MD5: 99F551D75BF6A5F0EE99BCEB78093F84)
    • 9uWGaRcOv8.tmp (PID: 1268 cmdline: "C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp" /SL5="$50362,3802515,56832,C:\Users\user\Desktop\9uWGaRcOv8.exe" MD5: 076BF04D950585580F2528A35682570A)
      • diskfilefinder87.exe (PID: 1220 cmdline: "C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe" -i MD5: 465AE51B717D2C468E1FE25941A3DF87)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.3320624775.0000000002D01000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
00000002.00000002.3320552192.0000000002C62000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
Process Memory Space: diskfilefinder87.exe PID: 1220 | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-02-28T23:19:03.004475+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 50986 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:08.345421+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51015 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:09.724739+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51025 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:11.006709+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51036 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:12.327820+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51041 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:13.722376+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51045 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:15.235149+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51046 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:16.495431+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51047 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:17.937963+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51048 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:19.190229+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51049 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:20.557202+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51050 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:22.946154+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51051 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:24.249985+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51052 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:25.505769+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51053 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:26.764671+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51054 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:28.111328+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51055 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:29.420369+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51056 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:30.691834+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51057 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:31.965279+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51058 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:33.240068+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51059 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:34.594685+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51060 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:35.967711+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51061 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:37.240503+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51062 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:38.550896+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51063 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:39.921812+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51064 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:41.237533+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51065 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:42.519822+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51066 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:43.871235+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51067 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:45.278834+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51068 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:46.653396+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51069 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:47.925873+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51070 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:49.272816+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51071 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:50.553958+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51072 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:51.922752+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51073 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:53.198905+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51074 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:54.556004+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51075 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:55.910417+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51076 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:57.291657+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51077 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:58.678385+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51078 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:59.969392+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51079 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:01.285777+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51080 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:02.565482+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51081 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:03.835643+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51082 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:05.150619+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51083 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:06.507027+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51084 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:07.925547+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51085 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:09.276423+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51086 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:11.360959+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51087 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:12.732885+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51088 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:13.999464+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51089 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:15.284288+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 51090 | 176.113.115.96 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-02-28T23:19:04.899979+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 50986 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:08.780563+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51015 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:10.163937+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51025 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:11.456745+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51036 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:12.785806+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51041 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:14.156682+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51045 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:15.663372+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51046 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:16.930974+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51047 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:18.369604+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51048 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:19.623890+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51049 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:21.070270+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51050 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:23.386565+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51051 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:24.681161+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51052 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:25.943806+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51053 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:27.200641+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51054 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:28.548029+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51055 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:29.861642+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51056 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:31.126691+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51057 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:32.403409+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51058 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:33.675547+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51059 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:35.027010+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51060 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:36.405466+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51061 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:37.677705+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51062 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:38.997953+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51063 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:40.359607+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51064 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:41.679284+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51065 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:42.954052+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51066 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:44.307252+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51067 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:45.731350+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51068 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:47.087232+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51069 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:48.358279+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51070 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:49.710431+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51071 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:50.990043+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51072 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:52.363068+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51073 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:53.636662+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51074 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:54.982945+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51075 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:56.352559+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51076 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:57.730743+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51077 | 176.113.115.96 | 443 | TCP
2025-02-28T23:19:59.127460+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51078 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:00.416632+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51079 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:01.738839+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51080 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:02.997963+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51081 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:04.275812+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51082 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:05.593266+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51083 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:06.939590+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51084 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:08.356336+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51085 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:09.709351+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51086 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:11.816341+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51087 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:13.179939+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51088 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:14.432866+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51089 | 176.113.115.96 | 443 | TCP
2025-02-28T23:20:15.716687+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 51090 | 176.113.115.96 | 443 | TCP

        AV Detection

Source: 9uWGaRcOv8.exe | Virustotal: Detection: 15%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.5% probability
Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0045D230 GetProcAddress,GetProcAddress,GetProcAddress,ISCryptGetVersion,1_2_0045D230
Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0045D2E4 ArcFourCrypt,1_2_0045D2E4
Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0045D2FC ArcFourCrypt,1_2_0045D2FC
Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_10001000 ISCryptGetVersion,1_2_10001000
Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_10001130 ArcFourCrypt,1_2_10001130

        Compliance

        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exeUnpacked PE file: 2.2.diskfilefinder87.exe.400000.0.unpack
        Source: 9uWGaRcOv8.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Disk File Finder_is1Jump to behavior
        Source: unknownHTTPS traffic detected: 176.113.115.96:443 -> 192.168.2.5:50986 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 176.113.115.96:443 -> 192.168.2.5:51056 version: TLS 1.2
        Source: 9uWGaRcOv8.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: msvcp100.i386.pdb source: is-63K4N.tmp.1.dr
        Source: Binary string: msvcr100.i386.pdb source: is-MO0CI.tmp.1.dr
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpCode function: 1_2_00452AD4 FindFirstFileA,GetLastError,1_2_00452AD4
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpCode function: 1_2_00475798 FindFirstFileA,FindNextFileA,FindClose,1_2_00475798
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpCode function: 1_2_0046417C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,1_2_0046417C
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpCode function: 1_2_004645F8 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,1_2_004645F8
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpCode function: 1_2_00462BF0 FindFirstFileA,FindNextFileA,FindClose,1_2_00462BF0
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpCode function: 1_2_00498FDC FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,1_2_00498FDC
        Source: global trafficTCP traffic: 192.168.2.5:50998 -> 193.176.153.180:2024
        Source: global trafficTCP traffic: 192.168.2.5:50771 -> 1.1.1.1:53
        Source: Joe Sandbox ViewIP Address: 176.113.115.96 176.113.115.96
        Source: Joe Sandbox ViewIP Address: 193.176.153.180 193.176.153.180
        Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:50986 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51025 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51041 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51049 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51053 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51055 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51063 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51036 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51066 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51067 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51059 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51051 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51054 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51056 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51068 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51061 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51071 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51048 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51078 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51058 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51079 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51076 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51072 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51085 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51075 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51083 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51080 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51047 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51086 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51070 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51046 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51090 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51077 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51073 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51082 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51081 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51084 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51089 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51069 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51045 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51052 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51065 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51060 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51057 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51015 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51062 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51050 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51087 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51074 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51088 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:51064 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51025 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:50986 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51056 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51060 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51072 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51086 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51049 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51059 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51062 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51051 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51058 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51063 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51070 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51061 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51047 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51046 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51069 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51053 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51064 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51075 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51066 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51074 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51078 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51067 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51079 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51081 -> 176.113.115.96:443
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:51076 -> 176.113.115.96:443
        Source: global traffic | HTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38f926d19fe6595cd66946851e91fcd85241ab258d81029326be8ee43a8f51f8a95b5c0212a91f953c588fb52d6db9f51a9a0a29d5954cad713479a672918d4348cd3da955c4cc0 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US) | Host: 176.113.115.96
        Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknown | TCP traffic detected without corresponding DNS query: 176.113.115.96
        Source: unknown | TCP traffic detected without corresponding DNS query: 193.176.153.180
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D02B95 WSASetLastError,WSARecv,WSASetLastError,select,2_2_02D02B95
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38c8d2a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d842a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d852a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d862a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d872a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d802a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d812a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d822a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d832a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d8c2a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d8d2a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a842a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a852a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a862a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a872a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a802a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a812a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a822a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a832a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a8c2a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a8d2a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38b842a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38b852a1cec7a86d87bdb6546ad12dac02908ee11d51a29366be8e843a8ec4cda8eec906920dff15bd3c9b841d6d28155b2b7fdc10c06d180594f893e250f8a74d8d9d3935948ce7835f8d90f HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 176.113.115.96
        Source: is-OOG97.tmp.1.dr, is-OK2OL.tmp.1.drString found in binary or memory: http://icu-project.org
        Source: is-I5OK7.tmp.1.drString found in binary or memory: http://www.extend-partition.com/buynow.html
        Source: diskfilefinder87.exe, 00000002.00000003.2061611475.000000000267D000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000000.2060386534.0000000000640000.00000002.00000001.01000000.00000009.sdmp, diskfilefinder87.exe.1.dr, DiskFileFinder.exe.2.dr, is-I5OK7.tmp.1.drString found in binary or memory: http://www.extend-partition.com/pa-extend-partition.html
        Source: diskfilefinder87.exe, 00000002.00000003.2061611475.000000000267D000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000000.2060386534.0000000000640000.00000002.00000001.01000000.00000009.sdmp, diskfilefinder87.exe.1.dr, DiskFileFinder.exe.2.dr, is-I5OK7.tmp.1.drString found in binary or memory: http://www.extend-partition.com/pa-extend-partition.html.KFailed
        Source: diskfilefinder87.exe, 00000002.00000003.2061611475.000000000267D000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000000.2060386534.0000000000640000.00000002.00000001.01000000.00000009.sdmp, diskfilefinder87.exe.1.dr, DiskFileFinder.exe.2.dr, is-I5OK7.tmp.1.drString found in binary or memory: http://www.extend-partition.com/pa-extend-partition.html.bPaging
        Source: 9uWGaRcOv8.tmp, 9uWGaRcOv8.tmp, 00000001.00000002.3319379043.0000000000401000.00000020.00000001.01000000.00000004.sdmp, 9uWGaRcOv8.tmp.0.dr, is-LOECD.tmp.1.drString found in binary or memory: http://www.innosetup.com/
        Source: 9uWGaRcOv8.exeString found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
        Source: 9uWGaRcOv8.exeString found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
        Source: 9uWGaRcOv8.exe, 00000000.00000003.2048491436.0000000002178000.00000004.00001000.00020000.00000000.sdmp, 9uWGaRcOv8.exe, 00000000.00000003.2048290499.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, 9uWGaRcOv8.tmp, 9uWGaRcOv8.tmp, 00000001.00000002.3319379043.0000000000401000.00000020.00000001.01000000.00000004.sdmp, 9uWGaRcOv8.tmp.0.dr, is-LOECD.tmp.1.drString found in binary or memory: http://www.remobjects.com/ps
        Source: 9uWGaRcOv8.exe, 00000000.00000003.2048491436.0000000002178000.00000004.00001000.00020000.00000000.sdmp, 9uWGaRcOv8.exe, 00000000.00000003.2048290499.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, 9uWGaRcOv8.tmp, 00000001.00000002.3319379043.0000000000401000.00000020.00000001.01000000.00000004.sdmp, 9uWGaRcOv8.tmp.0.dr, is-LOECD.tmp.1.drString found in binary or memory: http://www.remobjects.com/psU
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.000000000095C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/Aj
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/Hj-B
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.0000000000970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/Qs
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/Zj
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.000000000095C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/_ESB
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.0000000003313000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb386926d19fe6595cd66946951e91fcd85200
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.0000000003313000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb387926d19fe6595cd66946951e91fcd85200
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.0000000003313000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb388926d19fe6595cd66946951e91fcd85200
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.0000000003313000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb389926d19fe6595cd66946951e91fcd85200
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a802a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a812a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.0000000003348000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a822a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3321008162.0000000003395000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a832a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.0000000000888000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a842a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a852a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a862a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a872a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.0000000000888000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000002.3321008162.0000000003395000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a8c2a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.0000000000888000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000002.3321008162.0000000003395000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a8d2a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38a926d19fe6595cd66946951e91fcd85200
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.000000000095C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38b842a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.000000000093F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38b852a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38b926d19fe6595cd66946951e91fcd85200
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.0000000003348000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38c802a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.0000000003348000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38c812a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.0000000003348000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38c822a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.0000000003348000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38c832a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000002.3319787131.0000000000888000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000002.3320833023.000000000331E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38c842a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000002.3320833023.0000000003348000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38c852a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.0000000003348000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38c862a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.0000000003348000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38c872a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.0000000003348000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38c8c2a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000002.3320833023.000000000331E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38c8d2a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.0000000000970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38c926d19fe6595cd66946951e91fcd85200
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d802a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d812a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d822a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.0000000003348000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d832a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d842a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d852a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d862a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d872a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d8c2a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d8d2a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38d926d19fe6595cd66946951e91fcd85200
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38f802a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38f812a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38f822a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38f832a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.000000000331E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38f842a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.000000000331E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38f852a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.000000000331E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38f862a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38f872a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38f8c2a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38f8d2a1cec7a86d87bdb6546ad12dac0290
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.0000000000970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ai/?key=8f3f2b3ae115416b731ce2a8231678fbb38f926d19fe6595cd66946851e91fcd85241
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ej
        Source: diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/lj
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.000000000095C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/mCertificates
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.0000000000970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/ography
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.000000000095C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/priseCertificates
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.0000000000970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://176.113.115.96/rosoft
        Source: 9uWGaRcOv8.exe, 00000000.00000003.2047585853.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, 9uWGaRcOv8.exe, 00000000.00000002.3319836907.0000000002171000.00000004.00001000.00020000.00000000.sdmp, 9uWGaRcOv8.exe, 00000000.00000003.2047663289.0000000002171000.00000004.00001000.00020000.00000000.sdmp, 9uWGaRcOv8.tmp, 00000001.00000002.3319787460.00000000006AA000.00000004.00000020.00020000.00000000.sdmp, 9uWGaRcOv8.tmp, 00000001.00000002.3320133850.0000000002178000.00000004.00001000.00020000.00000000.sdmp, 9uWGaRcOv8.tmp, 00000001.00000003.2049788227.0000000002178000.00000004.00001000.00020000.00000000.sdmp, 9uWGaRcOv8.tmp, 00000001.00000003.2049718803.00000000030F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.easycutstudio.com/support.html
        Source: unknown | Network traffic detected: HTTP traffic on port 443 (102 hits, one per direction per connection). Every client port below was seen both as "<port> -> 443" and as "443 -> <port>": 50986, 51015, 51025, 51036, 51041, 51045, 51046, 51047, 51048, 51049, 51050, 51051, 51052, 51053, 51054, 51055, 51056, 51057, 51058, 51059, 51060, 51061, 51062, 51063, 51064, 51065, 51066, 51067, 51068, 51069, 51070, 51071, 51072, 51073, 51074, 51075, 51076, 51077, 51078, 51079, 51080, 51081, 51082, 51083, 51084, 51085, 51086, 51087, 51088, 51089, 51090
        Source: unknown | HTTPS traffic detected: 176.113.115.96:443 -> 192.168.2.5:50986 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 176.113.115.96:443 -> 192.168.2.5:51056 version: TLS 1.2

        System Summary

        Source: diskfilefinder87.exe.1.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: DiskFileFinder.exe.2.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0042F594 NtdllDefWindowProc_A | 1_2_0042F594
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00423B94 NtdllDefWindowProc_A | 1_2_00423B94
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004125E8 NtdllDefWindowProc_A | 1_2_004125E8
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00479380 NtdllDefWindowProc_A | 1_2_00479380
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0045763C PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A | 1_2_0045763C
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0042E944: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError | 1_2_0042E944
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Code function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx | 0_2_00409448
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0045568C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx | 1_2_0045568C
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Code function: 0_2_0040840C | 0_2_0040840C
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00470C74 | 1_2_00470C74
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0043533C | 1_2_0043533C
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004813C4 | 1_2_004813C4
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00467848 | 1_2_00467848
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004303D0 | 1_2_004303D0
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0044453C | 1_2_0044453C
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004885E0 | 1_2_004885E0
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00434638 | 1_2_00434638
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00444AE4 | 1_2_00444AE4
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0048ED0C | 1_2_0048ED0C
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00430F5C | 1_2_00430F5C
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0045F16C | 1_2_0045F16C
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004451DC | 1_2_004451DC
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0045B21C | 1_2_0045B21C
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004455E8 | 1_2_004455E8
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00487680 | 1_2_00487680
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0046989C | 1_2_0046989C
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00451A30 | 1_2_00451A30
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0043DDC4 | 1_2_0043DDC4
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_00401000 | 2_2_00401000
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_004067B7 | 2_2_004067B7
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_609660FA | 2_2_609660FA
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6092114F | 2_2_6092114F
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6091F2C9 | 2_2_6091F2C9
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6096923E | 2_2_6096923E
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6093323D | 2_2_6093323D
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6095C314 | 2_2_6095C314
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60950312 | 2_2_60950312
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6094D33B | 2_2_6094D33B
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6093B368 | 2_2_6093B368
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6096748C | 2_2_6096748C
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6093F42E | 2_2_6093F42E
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60954470 | 2_2_60954470
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_609615FA | 2_2_609615FA
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6096A5EE | 2_2_6096A5EE
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6096D6A4 | 2_2_6096D6A4
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_609606A8 | 2_2_609606A8
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60932654 | 2_2_60932654
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60955665 | 2_2_60955665
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6094B7DB | 2_2_6094B7DB
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6092F74D | 2_2_6092F74D
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60964807 | 2_2_60964807
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6094E9BC | 2_2_6094E9BC
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60937929 | 2_2_60937929
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6093FAD6 | 2_2_6093FAD6
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6096DAE8 | 2_2_6096DAE8
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_6094DA3A | 2_2_6094DA3A
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60936B27 | 2_2_60936B27
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60954CF6 | 2_2_60954CF6
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60950C6B | 2_2_60950C6B
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60966DF1 | 2_2_60966DF1
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60963D35 | 2_2_60963D35
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60909E9C | 2_2_60909E9C
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60951E86 | 2_2_60951E86
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60912E0B | 2_2_60912E0B
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_60954FF8 | 2_2_60954FF8
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D22A90 | 2_2_02D22A90
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D0536C | 2_2_02D0536C
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D1BB0D | 2_2_02D1BB0D
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D1D33F | 2_2_02D1D33F
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D170D0 | 2_2_02D170D0
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D0E094 | 2_2_02D0E094
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D2268D | 2_2_02D2268D
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D1B619 | 2_2_02D1B619
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D1875A | 2_2_02D1875A
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D1BF25 | 2_2_02D1BF25
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D20DC4 | 2_2_02D20DC4
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: String function: 00408C1C appears 45 times
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: String function: 00406AD4 appears 45 times
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: String function: 0040596C appears 117 times
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: String function: 00407904 appears 43 times
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: String function: 00403400 appears 60 times
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: String function: 00445E48 appears 45 times
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: String function: 00457FC4 appears 77 times
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: String function: 00457DB8 appears 102 times
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: String function: 00434550 appears 32 times
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: String function: 00403494 appears 85 times
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: String function: 004533B8 appears 98 times
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: String function: 00446118 appears 58 times
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: String function: 00403684 appears 229 times
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: String function: 02D17770 appears 32 times
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: String function: 02D22A20 appears 134 times
        Source: 9uWGaRcOv8.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
        Source: 9uWGaRcOv8.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
        Source: 9uWGaRcOv8.tmp.0.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
        Source: is-LOECD.tmp.1.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
        Source: is-LOECD.tmp.1.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
        Source: is-LOECD.tmp.1.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
        Source: sqlite3.dll.2.dr | Static PE information: Number of sections : 19 > 10
        Source: is-CAGFV.tmp.1.dr | Static PE information: Number of sections : 19 > 10
        Source: 9uWGaRcOv8.exe, 00000000.00000003.2048491436.0000000002178000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs 9uWGaRcOv8.exe
        Source: 9uWGaRcOv8.exe, 00000000.00000003.2048290499.00000000023A0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs 9uWGaRcOv8.exe
        Source: 9uWGaRcOv8.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
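        The three static PE signatures above (a .text section flagged IMAGE_SCN_MEM_WRITE alongside CODE/EXECUTE, a section count above 10, and the COFF header flag set) are cheap to reproduce outside the sandbox. The script below is an added example, not Joe Sandbox code: it walks the MZ/PE/COFF headers with the standard library only (no pefile dependency) and re-derives those findings. The two inputs are constructed header-only PE images whose characteristics are set from the flag names in the report (0xE0000060 for the listed .text flags, 0x818F for the listed file-header flags, both winnt.h values); nothing about the real sample's bytes is assumed.

```python
import struct

# Section-header characteristic bits (winnt.h IMAGE_SCN_*)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# COFF file-header characteristic bits (winnt.h IMAGE_FILE_*), ascending bit order
COFF_FLAGS = (
    (0x0001, "RELOCS_STRIPPED"),
    (0x0002, "EXECUTABLE_IMAGE"),
    (0x0004, "LINE_NUMS_STRIPPED"),
    (0x0008, "LOCAL_SYMS_STRIPPED"),
    (0x0080, "BYTES_REVERSED_LO"),
    (0x0100, "32BIT_MACHINE"),
    (0x2000, "DLL"),
    (0x8000, "BYTES_REVERSED_HI"),
)


def parse_pe(data: bytes):
    """Return (coff_characteristics, [(section_name, section_characteristics), ...]).

    MZ -> e_lfanew -> "PE\\0\\0" -> 20-byte COFF header -> section table, skipping
    the optional header by its declared SizeOfOptionalHeader.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (_machine, nsections, _stamp, _symtab, _nsyms,
     opt_size, coff_chars) = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = table + i * 40                       # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        chars = struct.unpack_from("<I", data, off + 36)[0]   # Characteristics field
        sections.append((name, chars))
    return coff_chars, sections


def coff_flag_names(coff_chars: int):
    """Decode the file-header flag word into the names the report prints."""
    return [name for bit, name in COFF_FLAGS if coff_chars & bit]


def audit(data: bytes):
    """The two section-table checks from the report: count > 10, writeable code."""
    _coff, sections = parse_pe(data)
    findings = []
    if len(sections) > 10:
        findings.append(f"Number of sections : {len(sections)} > 10")
    for name, chars in sections:
        is_code = bool(chars & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE))
        if is_code and chars & IMAGE_SCN_MEM_WRITE:
            findings.append(f"writeable code section: {name} 0x{chars:08X}")
    return findings


def build_pe(sections, coff_chars=0x818F):
    """Constructed test input: a minimal header-only PE (no optional header, no
    section data). Enough for the checks above; it is not a loadable image."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, coff_chars)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, 0, 0, 0, 0, 0, 0, 0, 0, c)
                     for n, c in sections)
    return bytes(hdr) + b"PE\0\0" + coff + table


# Constructed samples mirroring the report's findings (not the real files).
# 0xE0000060 = CNT_CODE|CNT_INITIALIZED_DATA|MEM_EXECUTE|MEM_READ|MEM_WRITE
WRITABLE_TEXT_PE = build_pe([(b".text", 0xE0000060), (b".rdata", 0x40000040)])
# 19 sections with an ordinary read/execute .text: trips only the count check
MANY_SECTIONS_PE = build_pe(
    [(b".text", 0x60000020)] + [(f".s{i}".encode(), 0x40000040) for i in range(18)])

if __name__ == "__main__":
    for label, pe in (("writable .text", WRITABLE_TEXT_PE), ("19 sections", MANY_SECTIONS_PE)):
        print(label, audit(pe), coff_flag_names(parse_pe(pe)[0]))
```

Run it against a real file with `audit(open(path, "rb").read())`. Read the two checks with different weight: a writeable, executable .text section is the hallmark of code that patches itself in place (consistent with the unpacking signatures in this report), whereas a high section count alone is weak evidence, since GCC/MinGW-built libraries such as a sqlite3.dll routinely carry many .debug_* and CRT sections.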
        Source: classification engine | Classification label: mal84.troj.evad.winEXE@5/32@0/2
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D0F8E0 _memset,FormatMessageA,GetLastError,FormatMessageA,GetLastError | 2_2_02D0F8E0
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Code function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx | 0_2_00409448
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0045568C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx | 1_2_0045568C
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00455EB4 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA | 1_2_00455EB4
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: CreateServiceA,CloseServiceHandle | 2_2_004016E3
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0046E5B8 GetVersion,CoCreateInstance | 1_2_0046E5B8
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Code function: 0_2_00409C34 FindResourceA,SizeofResource,LoadResource,LockResource | 0_2_00409C34
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_0040D35A StartServiceCtrlDispatcherA | 2_2_0040D35A
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_0040D372 StartServiceCtrlDispatcherA | 2_2_0040D372
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Programs
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | File created: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File read: C:\Windows\win.ini
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
        Source: diskfilefinder87.exe, diskfilefinder87.exe, 00000002.00000002.3321287938.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-CAGFV.tmp.1.dr, sqlite3.dll.2.dr | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
        Source: diskfilefinder87.exe, 00000002.00000002.3321287938.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-CAGFV.tmp.1.dr, sqlite3.dll.2.dr | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
        Source: diskfilefinder87.exe, diskfilefinder87.exe, 00000002.00000002.3321287938.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-CAGFV.tmp.1.dr, sqlite3.dll.2.dr | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
        Source: diskfilefinder87.exe, 00000002.00000002.3321287938.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-CAGFV.tmp.1.dr, sqlite3.dll.2.dr | Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
        Source: diskfilefinder87.exe, 00000002.00000002.3321287938.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-CAGFV.tmp.1.dr, sqlite3.dll.2.dr | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
        Source: diskfilefinder87.exe, 00000002.00000002.3321287938.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-CAGFV.tmp.1.dr, sqlite3.dll.2.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
        Source: diskfilefinder87.exe, 00000002.00000002.3321287938.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-CAGFV.tmp.1.dr, sqlite3.dll.2.dr | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
        Source: diskfilefinder87.exe, 00000002.00000002.3321287938.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-CAGFV.tmp.1.dr, sqlite3.dll.2.dr | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
        Source: diskfilefinder87.exe, 00000002.00000002.3321287938.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-CAGFV.tmp.1.dr, sqlite3.dll.2.dr | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
        Source: diskfilefinder87.exe, 00000002.00000002.3321287938.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-CAGFV.tmp.1.dr, sqlite3.dll.2.dr | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
        Source: diskfilefinder87.exe, 00000002.00000002.3321287938.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, is-CAGFV.tmp.1.dr, sqlite3.dll.2.dr | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
        Note: the SQL above is SQLite's own internal statement text (the vacuum_db copy used by VACUUM, the FTS3/FTS4 shadow tables %q_segdir, %q_segments, %q_docsize and %q_stat, the R-tree %w_node/%w_rowid/%w_parent tables, and the ALTER TABLE ... RENAME helpers sqlite_rename_*), present in any build of sqlite3.dll. It fingerprints the bundled library, not attacker-supplied queries; the service-installation and network behaviour elsewhere in this report is what carries the verdict.
        Source: 9uWGaRcOv8.exeVirustotal: Detection: 15%
        Source: 9uWGaRcOv8.exeString found in binary or memory: need to be updated. /RESTARTAPPLICATIONS Instructs Setup to restart applications. /NORESTARTAPPLICATIONS Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file after having checked t
        Source: 9uWGaRcOv8.exeString found in binary or memory: /LOADINF="filename"
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exeFile read: C:\Users\user\Desktop\9uWGaRcOv8.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\9uWGaRcOv8.exe "C:\Users\user\Desktop\9uWGaRcOv8.exe"
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exeProcess created: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp "C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp" /SL5="$50362,3802515,56832,C:\Users\user\Desktop\9uWGaRcOv8.exe"
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpProcess created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe "C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe" -i
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exeProcess created: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp "C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp" /SL5="$50362,3802515,56832,C:\Users\user\Desktop\9uWGaRcOv8.exe" Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpProcess created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe "C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe" -iJump to behavior
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpSection loaded: version.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpSection loaded: msimg32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: shfolder.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: rstrtmgr.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: msacm32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: winmmbase.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: textshaping.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: riched20.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: usp10.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: msls31.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: explorerframe.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: sfc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: sfc_os.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Section loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: sqlite3.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: mpr.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: version.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: appxsip.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: opcservices.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: wininet.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: dhcpcsvc.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: iertutil.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: winhttp.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: mswsock.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: winnsi.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: urlmon.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: srvcli.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: schannel.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: mskeyprotect.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: msasn1.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: dpapi.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: cryptsp.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: rsaenh.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: gpapi.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Section loaded: ncryptsslp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Window found: window name: TMainForm
        Source: Window Recorder | Window detected: More than 3 window changes detected
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Disk File Finder_is1
        Source: 9uWGaRcOv8.exe | Static file information: File size 4053219 > 1048576
        Source: 9uWGaRcOv8.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: msvcp100.i386.pdb source: is-63K4N.tmp.1.dr
        Source: Binary string: msvcr100.i386.pdb source: is-MO0CI.tmp.1.dr

        Data Obfuscation

        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Unpacked PE file: 2.2.diskfilefinder87.exe.400000.0.unpack .text:EW;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Unpacked PE file: 2.2.diskfilefinder87.exe.400000.0.unpack
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00450334 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 1_2_00450334
        Source: is-CAGFV.tmp.1.dr | Static PE information: section name: /4
        Source: is-CAGFV.tmp.1.dr | Static PE information: section name: /19
        Source: is-CAGFV.tmp.1.dr | Static PE information: section name: /35
        Source: is-CAGFV.tmp.1.dr | Static PE information: section name: /51
        Source: is-CAGFV.tmp.1.dr | Static PE information: section name: /63
        Source: is-CAGFV.tmp.1.dr | Static PE information: section name: /77
        Source: is-CAGFV.tmp.1.dr | Static PE information: section name: /89
        Source: is-CAGFV.tmp.1.dr | Static PE information: section name: /102
        Source: is-CAGFV.tmp.1.dr | Static PE information: section name: /113
        Source: is-CAGFV.tmp.1.dr | Static PE information: section name: /124
        Source: sqlite3.dll.2.dr | Static PE information: section name: /4
        Source: sqlite3.dll.2.dr | Static PE information: section name: /19
        Source: sqlite3.dll.2.dr | Static PE information: section name: /35
        Source: sqlite3.dll.2.dr | Static PE information: section name: /51
        Source: sqlite3.dll.2.dr | Static PE information: section name: /63
        Source: sqlite3.dll.2.dr | Static PE information: section name: /77
        Source: sqlite3.dll.2.dr | Static PE information: section name: /89
        Source: sqlite3.dll.2.dr | Static PE information: section name: /102
        Source: sqlite3.dll.2.dr | Static PE information: section name: /113
        Source: sqlite3.dll.2.dr | Static PE information: section name: /124
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Code function: 0_2_004065C8 push 00406605h; ret 0_2_004065FD
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Code function: 0_2_004040B5 push eax; ret 0_2_004040F1
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Code function: 0_2_00408104 push ecx; mov dword ptr [esp], eax 0_2_00408109
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Code function: 0_2_00404185 push 00404391h; ret 0_2_00404389
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Code function: 0_2_00404206 push 00404391h; ret 0_2_00404389
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Code function: 0_2_0040C218 push eax; ret 0_2_0040C219
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Code function: 0_2_004042E8 push 00404391h; ret 0_2_00404389
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Code function: 0_2_00404283 push 00404391h; ret 0_2_00404389
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Code function: 0_2_00408F38 push 00408F6Bh; ret 0_2_00408F63
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004849F4 push 00484B02h; ret 1_2_00484AFA
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0040995C push 00409999h; ret 1_2_00409991
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00458060 push 00458098h; ret 1_2_00458090
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004860E4 push ecx; mov dword ptr [esp], ecx 1_2_004860E9
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004062C4 push ecx; mov dword ptr [esp], eax 1_2_004062C5
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004783C8 push ecx; mov dword ptr [esp], edx 1_2_004783C9
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004104F0 push ecx; mov dword ptr [esp], edx 1_2_004104F5
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00412938 push 0041299Bh; ret 1_2_00412993
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0049AD44 pushad ; retf 1_2_0049AD53
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0040CE48 push ecx; mov dword ptr [esp], edx 1_2_0040CE4A
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00459378 push 004593BCh; ret 1_2_004593B4
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0040F3A8 push ecx; mov dword ptr [esp], edx 1_2_0040F3AA
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0040546D push eax; ret 1_2_004054A9
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004434B4 push ecx; mov dword ptr [esp], ecx 1_2_004434B8
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0040553D push 00405749h; ret 1_2_00405741
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004055BE push 00405749h; ret 1_2_00405741
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0040563B push 00405749h; ret 1_2_00405741
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004056A0 push 00405749h; ret 1_2_00405741
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0045186C push 0045189Fh; ret 1_2_00451897
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00451A30 push ecx; mov dword ptr [esp], eax 1_2_00451A35
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00495BE4 push ecx; mov dword ptr [esp], ecx 1_2_00495BE9
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00419C38 push ecx; mov dword ptr [esp], ecx 1_2_00419C3D
        Source: is-MO0CI.tmp.1.dr | Static PE information: section name: .text entropy: 6.90903234258047

        Persistence and Installation Behavior

        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 2_2_02D0E8BD
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-6K7SJ.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-OOG97.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\libEGL.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\icuin51.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-63K4N.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\uninstall\is-LOECD.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Temp\is-SOBID.tmp\_isetup\_shfoldr.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\icuuc51.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Temp\is-SOBID.tmp\_isetup\_iscrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\Qt5PrintSupport.dll (copy)
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | File created: C:\ProgramData\DiskFileFinder\DiskFileFinder.exe
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Temp\is-SOBID.tmp\_isetup\_setup64.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-MO0CI.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-1D1S7.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-HE282.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-OK2OL.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\libGLESv2.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\msvcp100.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\msvcr100.dll (copy)
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | File created: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\sqlite3.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-NA7E9.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\uninstall\unins000.exe (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-CAGFV.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | File created: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\Qt5Concurrent.dll (copy)
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | File created: C:\ProgramData\DiskFileFinder\sqlite3.dll

        Boot Survival

        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 2_2_02D0E8BD
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_0040D35A StartServiceCtrlDispatcherA, 2_2_0040D35A
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00423C1C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 1_2_00423C1C
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004241EC IsIconic,SetActiveWindow,SetFocus, 1_2_004241EC
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004241A4 IsIconic,SetActiveWindow, 1_2_004241A4
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00418394 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 1_2_00418394
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004843A8 IsIconic,GetWindowLongA,ShowWindow,ShowWindow, 1_2_004843A8
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0042286C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 1_2_0042286C
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0042F2F0 IsIconic,GetWindowLongA,GetWindowLongA,GetActiveWindow,MessageBoxA,SetActiveWindow,GetActiveWindow,MessageBoxA,SetActiveWindow, 1_2_0042F2F0
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004175A8 IsIconic,GetCapture, 1_2_004175A8
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00417CDE IsIconic,SetWindowPos, 1_2_00417CDE
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00417CE0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 1_2_00417CE0
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0041F128 GetVersion,SetErrorMode,LoadLibraryA,SetErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary, 1_2_0041F128
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 2_2_02D0E9C1
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Window / User API: threadDelayed 5348
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Window / User API: threadDelayed 4547
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-6K7SJ.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\libEGL.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-OOG97.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\msvcr100.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\icuin51.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-63K4N.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\uninstall\is-LOECD.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-SOBID.tmp\_isetup\_shfoldr.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\Qt5PrintSupport.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-SOBID.tmp\_isetup\_iscrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\icuuc51.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-NA7E9.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-SOBID.tmp\_isetup\_setup64.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-MO0CI.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-1D1S7.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-HE282.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\uninstall\unins000.exe (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-CAGFV.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\Qt5Concurrent.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\is-OK2OL.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\libGLESv2.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\msvcp100.dll (copy)
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Evasive API call chain: GetSystemTime,DecisionNodes graph_0-5966
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | API coverage: 4.9 %
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe TID: 616 | Thread sleep count: 5348 > 30
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe TID: 616 | Thread sleep time: -10696000s >= -30000s
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe TID: 4144 | Thread sleep count: 36 > 30
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe TID: 4144 | Thread sleep time: -2160000s >= -30000s
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe TID: 616 | Thread sleep count: 4547 > 30
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe TID: 616 | Thread sleep time: -9094000s >= -30000s
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | File opened: PhysicalDrive0
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00452AD4 FindFirstFileA,GetLastError, 1_2_00452AD4
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00475798 FindFirstFileA,FindNextFileA,FindClose, 1_2_00475798
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0046417C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_0046417C
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_004645F8 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_004645F8
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00462BF0 FindFirstFileA,FindNextFileA,FindClose, 1_2_00462BF0
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00498FDC FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, 1_2_00498FDC
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | Code function: 0_2_00409B78 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery, 0_2_00409B78
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Thread delayed: delay time: 60000
        Source: diskfilefinder87.exe, 00000002.00000002.3319787131.0000000000888000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000002.3319787131.0000000000970000.00000004.00000020.00020000.00000000.sdmp, diskfilefinder87.exe, 00000002.00000002.3320833023.00000000032C0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exe | API call chain: ExitProcess graph end node graph_0-6763
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | API call chain: ExitProcess graph end node graph_2-61552
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Process information queried: ProcessInformation
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D13A18 _memset,IsDebuggerPresent, 2_2_02D13A18
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D1E6CE RtlEncodePointer,RtlEncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer, 2_2_02D1E6CE
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00450334 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 1_2_00450334
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D05E60 RtlInitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,GetTickCount,GetVersionExA,_memset,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,_memset,_memset,_memset,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_malloc,_malloc,_malloc,QueryPerformanceCounter,Sleep,_malloc,_malloc,_memset,_memset,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection, 2_2_02D05E60
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe | Code function: 2_2_02D180FB SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_02D180FB
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_00478DC4 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle, 1_2_00478DC4
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmp | Code function: 1_2_0042EE28 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateMutexA, 1_2_0042EE28
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpCode function: 1_2_0042E0AC AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,1_2_0042E0AC
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exeCode function: 2_2_02D0E875 cpuid 2_2_02D0E875
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exeCode function: GetLocaleInfoA,0_2_0040520C
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exeCode function: GetLocaleInfoA,0_2_00405258
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpCode function: GetLocaleInfoA,1_2_00408578
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpCode function: GetLocaleInfoA,1_2_004085C4
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpCode function: 1_2_00458670 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,1_2_00458670
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exeCode function: 0_2_004026C4 GetSystemTime,0_2_004026C4
        Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpCode function: 1_2_00455644 GetUserNameA,1_2_00455644
        Source: C:\Users\user\Desktop\9uWGaRcOv8.exeCode function: 0_2_00405CF4 GetVersionExA,0_2_00405CF4
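The "Code function" evidence lines above are easiest to work with once they are parsed into (process image, function id, API sequence) triples, so that recurring API sets such as the IsDebuggerPresent check, the AllocateAndInitializeSid/CheckTokenMembership administrator check and the CreateNamedPipeA/CreateProcessA pair can be flagged per process. The following script is an added example and is not code from the Joe Sandbox report or from Joe Sandbox itself; the rule names and the API-set heuristics are this example's own assumptions, and the sample input consists of four evidence lines copied from this report (the text export fuses the path and the "Code function:" label, and the parser accepts either that form or one with a space between them).

```python
"""Triage helper for Joe Sandbox 'Code function' evidence lines.

Added example, not part of the Joe Sandbox report and not Joe Sandbox code.
Parses 'Source: <path>Code function: <id> <api>,<api>,...,<id>' lines, groups
the API sequences per process image, and flags a few behaviours that the
report's signatures describe. RULES are assumed heuristics, not the sandbox's
own detection logic.
"""
import re
from collections import defaultdict

# Constructed input: four evidence lines copied from the report's text export.
SAMPLE_LINES = [
    r"Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exeCode function: 2_2_02D13A18 _memset,IsDebuggerPresent,2_2_02D13A18",
    r"Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpCode function: 1_2_0042E0AC AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,1_2_0042E0AC",
    r"Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpCode function: 1_2_00458670 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,1_2_00458670",
    r"Source: C:\Users\user\AppData\Local\Temp\is-UV6QT.tmp\9uWGaRcOv8.tmpCode function: 1_2_00455644 GetUserNameA,1_2_00455644",
]

# The function id (<pid>_<thread>_<hex address>) opens and closes each API list,
# which is what lets the regex find the end of the comma-separated sequence.
LINE_RE = re.compile(
    r"^Source:\s+(?P<path>.+?)Code function:\s+(?P<fid>\d+_\d+_[0-9A-Fa-f]+)\s+(?P<apis>.+?),(?P=fid)$"
)

# Assumed heuristics: a rule fires when every API in its set appears in the function.
RULES = {
    "debugger check": {"IsDebuggerPresent"},
    "admin group membership check": {"AllocateAndInitializeSid", "CheckTokenMembership"},
    "named pipe plus child process": {"CreateNamedPipeA", "CreateProcessA"},
    "user name fingerprint": {"GetUserNameA"},
}


def parse_line(line):
    """Return (image name, function id, [api, ...]) or None when the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    image = m.group("path").strip().rsplit("\\", 1)[-1]
    apis = [a for a in m.group("apis").split(",") if a]
    return image, m.group("fid"), apis


def triage(lines):
    """Group parsed functions per image and attach the names of the rules they satisfy."""
    report = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # headings, Yara matches and other non-function lines are skipped
        image, fid, apis = parsed
        present = set(apis)
        hits = sorted(name for name, needed in RULES.items() if needed <= present)
        report[image].append({"function": fid, "apis": apis, "hits": hits})
    return dict(report)


def summarize(report):
    """Map each image to the sorted set of rule names hit by any of its functions."""
    return {img: sorted({h for f in funcs for h in f["hits"]}) for img, funcs in report.items()}


if __name__ == "__main__":
    for image, funcs in triage(SAMPLE_LINES).items():
        for f in funcs:
            print(f"{image}  {f['function']}  {len(f['apis'])} APIs  {', '.join(f['hits']) or '-'}")
```

Run against a full text export, `summarize` gives a per-process view that separates the installer stub (9uWGaRcOv8.tmp, which performs the administrator check and the pipe-backed child launch) from the dropped payload (diskfilefinder87.exe, which performs the debugger check); extending RULES is a matter of adding an API set.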

        Stealing of Sensitive Information

        Source: Yara match, file source: 00000002.00000002.3320624775.0000000002D01000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, file source: 00000002.00000002.3320552192.0000000002C62000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, file source: Process Memory Space: diskfilefinder87.exe PID: 1220, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match, file source: 00000002.00000002.3320624775.0000000002D01000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, file source: 00000002.00000002.3320552192.0000000002C62000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, file source: Process Memory Space: diskfilefinder87.exe PID: 1220, type: MEMORYSTR
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_609660FA sqlite3_finalize,sqlite3_free,sqlite3_value_numeric_type,sqlite3_value_numeric_type,sqlite3_value_text,sqlite3_value_int,memcmp,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_strnicmp,sqlite3_mprintf,sqlite3_mprintf,sqlite3_malloc,sqlite3_free,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_bind_value,2_2_609660FA
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6090C1D6 sqlite3_clear_bindings,sqlite3_mutex_enter,sqlite3_mutex_leave,2_2_6090C1D6
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_60963143 sqlite3_stricmp,sqlite3_bind_int64,sqlite3_mutex_leave,2_2_60963143
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6096A2BD sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,2_2_6096A2BD
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6096923E sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_malloc,sqlite3_malloc,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_realloc,sqlite3_realloc,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_free,2_2_6096923E
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6096A38C sqlite3_bind_int,sqlite3_column_int,sqlite3_step,sqlite3_reset,2_2_6096A38C
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6096748C sqlite3_malloc,sqlite3_bind_int,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_reset,sqlite3_bind_int,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_malloc,sqlite3_bind_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_reset,memcmp,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_realloc,sqlite3_column_int,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_bind_int,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,2_2_6096748C
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_609254B1 sqlite3_bind_zeroblob,sqlite3_mutex_leave,2_2_609254B1
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6094B407 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,2_2_6094B407
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6090F435 sqlite3_bind_parameter_index,2_2_6090F435
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_609255D4 sqlite3_mutex_leave,sqlite3_bind_text16,2_2_609255D4
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_609255FF sqlite3_bind_text,2_2_609255FF
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6096A5EE sqlite3_value_text,sqlite3_value_bytes,sqlite3_strnicmp,sqlite3_strnicmp,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_malloc,sqlite3_column_int,sqlite3_column_int64,sqlite3_column_text,sqlite3_column_bytes,sqlite3_finalize,sqlite3_step,sqlite3_free,sqlite3_finalize,sqlite3_strnicmp,sqlite3_bind_int,sqlite3_column_int,sqlite3_step,sqlite3_reset,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_column_int64,sqlite3_column_int,sqlite3_column_text,sqlite3_column_bytes,sqlite3_step,sqlite3_finalize,sqlite3_strnicmp,sqlite3_strnicmp,sqlite3_bind_int,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_value_int,sqlite3_malloc,sqlite3_bind_null,sqlite3_step,sqlite3_reset,sqlite3_value_int,sqlite3_value_text,sqlite3_value_bytes,sqlite3_free,2_2_6096A5EE
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6094B54C sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,memmove,2_2_6094B54C
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_60925686 sqlite3_bind_int64,sqlite3_mutex_leave,2_2_60925686
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6094A6C5 sqlite3_bind_int64,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_malloc,sqlite3_reset,sqlite3_free,2_2_6094A6C5
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_609256E5 sqlite3_bind_int,sqlite3_bind_int64,2_2_609256E5
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6094B6ED sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,2_2_6094B6ED
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6092562A sqlite3_bind_blob,2_2_6092562A
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_60925655 sqlite3_bind_null,sqlite3_mutex_leave,2_2_60925655
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6094C64A sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,2_2_6094C64A
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_609687A7 sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_column_int64,sqlite3_reset,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,2_2_609687A7
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6095F7F7 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,2_2_6095F7F7
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6092570B sqlite3_bind_double,sqlite3_mutex_leave,2_2_6092570B
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6095F772 sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,2_2_6095F772
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_60925778 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_blob,2_2_60925778
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6090577D sqlite3_bind_parameter_name,2_2_6090577D
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6094B764 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,2_2_6094B764
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6090576B sqlite3_bind_parameter_count,2_2_6090576B
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6094A894 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,2_2_6094A894
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6095F883 sqlite3_bind_int64,sqlite3_bind_int,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,2_2_6095F883
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6094C8C2 sqlite3_value_int,sqlite3_value_int,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_null,sqlite3_bind_null,sqlite3_step,sqlite3_reset,2_2_6094C8C2
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6096281E sqlite3_mprintf,sqlite3_vtab_config,sqlite3_malloc,sqlite3_mprintf,sqlite3_mprintf,sqlite3_errmsg,sqlite3_mprintf,sqlite3_free,sqlite3_mprintf,sqlite3_exec,sqlite3_free,sqlite3_prepare_v2,sqlite3_bind_text,sqlite3_step,sqlite3_column_int64,sqlite3_finalize,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_errmsg,sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_mprintf,sqlite3_free,sqlite3_declare_vtab,sqlite3_errmsg,sqlite3_mprintf,sqlite3_free,2_2_6096281E
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6096583A memcmp,sqlite3_realloc,qsort,sqlite3_malloc,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_step,sqlite3_reset,2_2_6096583A
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6095F9AD sqlite3_bind_int,sqlite3_step,sqlite3_column_type,sqlite3_reset,2_2_6095F9AD
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6094A92B sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,2_2_6094A92B
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6090EAE5 sqlite3_transfer_bindings,2_2_6090EAE5
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6095FB98 sqlite3_value_int,sqlite3_bind_int,sqlite3_bind_value,sqlite3_step,sqlite3_reset,2_2_6095FB98
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6095ECA6 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_bind_value,2_2_6095ECA6
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6095FCCE sqlite3_malloc,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,2_2_6095FCCE
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6095FDAE sqlite3_malloc,sqlite3_bind_int,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,sqlite3_free,2_2_6095FDAE
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_60966DF1 sqlite3_value_text,sqlite3_mprintf,sqlite3_free,strcmp,sqlite3_free,sqlite3_malloc,sqlite3_bind_int64,sqlite3_step,sqlite3_column_type,sqlite3_reset,sqlite3_column_blob,sqlite3_reset,sqlite3_malloc,sqlite3_free,sqlite3_reset,sqlite3_result_error_code,sqlite3_result_blob,2_2_60966DF1
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_60969D75 sqlite3_bind_int,sqlite3_step,sqlite3_column_int,sqlite3_reset,2_2_60969D75
        Source: C:\Users\user\AppData\Local\Disk File Finder 1.0.5.987\diskfilefinder87.exe Code function: 2_2_6095FFB2 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code,2_2_6095FFB2
        MITRE ATT&CK Matrix

        Techniques that matched at least one signature, listed per tactic; the number in parentheses is the count of signatures mapped to the technique.

        Reconnaissance: no matched techniques
        Resource Development: no matched techniques
        Initial Access: no matched techniques
        Execution: Native API (2), Command and Scripting Interpreter (2), Service Execution (2)
        Persistence: Windows Service (5), DLL Side-Loading (1), Bootkit (1)
        Privilege Escalation: Windows Service (5), Process Injection (2), Exploitation for Privilege Escalation (1), DLL Side-Loading (1), Access Token Manipulation (1)
        Defense Evasion: Software Packing (21), Virtualization/Sandbox Evasion (21), Obfuscated Files or Information (3), Process Injection (2), Deobfuscate/Decode Files or Information (1), DLL Side-Loading (1), Masquerading (1), Access Token Manipulation (1), Bootkit (1)
        Credential Access: no matched techniques
        Discovery: Security Software Discovery (41), System Information Discovery (35), Virtualization/Sandbox Evasion (21), Application Window Discovery (11), System Owner/User Discovery (3), File and Directory Discovery (2), System Time Discovery (1), Account Discovery (1), Process Discovery (1), System Network Configuration Discovery (1)
        Lateral Movement: no matched techniques
        Collection: Archive Collected Data (1)
        Command and Control: Encrypted Channel (21), Application Layer Protocol (12), Ingress Tool Transfer (2), Non-Standard Port (1), Non-Application Layer Protocol (1)
        Exfiltration: no matched techniques
        Impact: System Shutdown/Reboot (1)