Windows Analysis Report
AirDroid_Cast_Desktop_Client_1.2.1.0.exe

Overview

General Information

Sample name:	AirDroid_Cast_Desktop_Client_1.2.1.0.exe
Analysis ID:	1527909
MD5:	637a0fd3e65d39ad0c6c3d5cc042c4de
SHA1:	b47fd7f796afc81221206c91bdcc3e8e9ddc91d3
SHA256:	91226bee406922357d5d1ea945a5b6e8866e0ee7a75d897ecf339f6ff38c18c9
Infos:

Detection

Score:	26
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Compliance

Score:	49
Range:	0 - 100

Signatures

.NET source code contains method to dynamically call methods (often used by packers)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Yara detected Generic Downloader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Connects to many different domains

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Detected TCP or UDP traffic on non-standard ports

Detected non-DNS traffic on DNS port

Drops PE files

Drops certificate files (DER)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

HTML page contains hidden javascript code

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sleep loop found (likely to delay execution)

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

Phishing

HTML page contains hidden javascript code

Source: https://m-embed.airdroid.com/cast_link.html?airdroidCast-code=028461947

HTTP Parser: Base64 decoded: <?xml version="1.0" encoding="utf-8"?> <svg version="1.1" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="grad" gradientUnits="objectBoundingBox" x1="0.5" y1="0.0" x2="0.5" y2="1.0"><stop offset="0%" stop-color="#42c662"/><stop offset="61%" s...

Compliance

Uses 32bit PE files

Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe

Window detected: < &BackI &AgreeCancelSand Studio Sand StudioLicense AgreementPlease review the license terms before installing AirDroid Cast 1.2.1.0.Press Page Down to see the rest of the agreement.AIRDROID END USER LICENSE AGREEMENTEffective Date: 24 July2020TheAirDroid End User License Agreement(thereinafter "Agreement") is jointly concluded by You (the "End User"/"User") and SAND STUDIO for Your use of Services (defined below) provided by SAND STUDIO. "SAND STUDIO" refers to SAND STUDIO PTE.LTD. and/or any associated operator (hereinafter collectively referred to as "SAND STUDIO" the "Company" "We" "Us" or "Our") that may exist with respect to its related services and both You and We will be legally bound by this Agreement. Please read terms in this Agreement carefully before using the Services (defined below) offered by Us.By visiting our websites or using our Services in any manner You agree that You have read and agree to be bound by the terms and conditions of this Agreement. Use of the Companys services is expressly conditioned upon Your assent to all or parts of the terms and conditions of this Agreement to the exclusion of all other terms.This Agreement applies when You enter into this Agreement with us as an INDIVIDUAL rather than as an Enterprise User. If You are an Enterprise User employee agent trustee of an Enterprise User authorized person to supervise or manage the use of AirDroid by an Enterprise User or other person to use AirDroid Services for the interest of an enterprise please visit theAirdroid Enterprise User License Agreementread and decide whether to agree to theAirdroid Enterprise User License Agreement.The terms of this Agreement that are or may be material to Your rights and interests have been marked in bold and please pay specific attention to them.I. DEFINITIONIn this Agreement1. The"Website"means the www.airdroid.com website and domain name and any other linked pages features contents or application services (including but not limited to any mobile application services) offered from time to time by the Company in connection therewith.2. The"AirDroid Services"or"Services"mean all software products services websites and relevant contents provided by the Company.3. The"AirDroid Account"or"Account"means the users account created by the user when using AirDroid Services the username and password of which can identify You.4. The"AirDroid Contents"or"Contents"mean all materials offered displayed or performed on the Services including but not limited to software text graphics articles photographs images illustrations etc.5."Third Party Services"mean third party websites services and/or contents that are not owned or controlled by the Company during the Services.6."Affiliates" for the purpose of this Agreement mean enterprises that directly or indirectly control the Company or are under the control of the Company or are under control together with the Company. For the purpose of this definition "control" refers to

Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe

Static PE information: certificate valid

Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe

File opened: C:\Program Files (x86)\AirDroid Cast\MSVCR100.dll

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.35.72:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.230.180:443 -> 192.168.2.4:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 170.106.112.204:443 -> 192.168.2.4:49861 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.181.65:443 -> 192.168.2.4:49870 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 170.106.112.204:443 -> 192.168.2.4:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49888 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49913 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:49970 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:49979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.35.72:443 -> 192.168.2.4:50010 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:50225 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50255 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50256 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50257 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50261 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50262 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50263 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50264 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50265 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50272 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50275 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50276 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50280 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50281 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50282 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50285 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50288 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50287 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50294 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50291 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50298 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50301 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50305 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50310 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50311 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50314 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50317 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50319 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50323 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.189.173.3:443 -> 192.168.2.4:50336 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50338 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50339 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50343 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50344 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50347 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.51.42.41:443 -> 192.168.2.4:50353 version: TLS 1.2

Source:	Binary string: ]c:\borrar\EmptyDll\Release\EmptyDll.pdb source: Helper.exe, 00000004.00000002.2146310629.0000000005F72000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: F:\SourceCode\QRCoder\QRCoder\obj\Release\QRCoder.pdb source: AirDroidCast.exe, 00000009.00000002.6309499575.0000000012A12000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: E:\GitCode\tb-scrcyp\win\scrcpy-1.17lib\Win32\Debug\libscrcpy.pdb source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000003045000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vccorlib120.i386.pdb0 source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\GitCode\airdroid_business_win_source\Launcher\Release\Launcher.pdb source: Launcher.exe, 00000006.00000002.2304489262.00000000010B4000.00000002.00000001.01000000.00000011.sdmp, Launcher.exe, 00000006.00000000.2222831243.00000000010B4000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: C:\dev\sqlite\dotnet\bin\2010\Win32\ReleaseNativeOnly\SQLite.Interop.pdb source: AirDroidCast.exe, 00000009.00000002.6336760625.00000000661F4000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: c:\borrar\EmptyDll\Release\EmptyDll.pdb source: Helper.exe, 00000004.00000002.2146310629.0000000005F72000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: Helper.pdb source: Helper.exe, 00000004.00000000.2127526906.00000000000C2000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: c:\dev\sqlite\dotnet\obj\2010\System.Data.SQLite.2010\Release\System.Data.SQLite.pdb source: AirDroidCast.exe, 00000009.00000002.6242501724.000000000E8A2000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: F:\SourceCode\QRCoder\QRCoder\obj\Release\QRCoder.pdb@ source: AirDroidCast.exe, 00000009.00000002.6309499575.0000000012A12000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: msvcr100.i386.pdb source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000003045000.00000004.00000020.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6328410303.0000000066061000.00000020.00000001.01000000.0000002B.sdmp
Source:	Binary string: vcruntime140.i386.pdb source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vcruntime140.i386.pdbGCTL source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Project\SVN_Code\usbmuxd-vs\Release\libimdusb.pdb source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vccorlib140.i386.pdb source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp140.i386.pdbGCTL source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000003045000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr120.i386.pdb source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000031E2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\dev\sqlite\dotnet\bin\2010\Win32\ReleaseNativeOnly\SQLite.Interop.pdb) source: AirDroidCast.exe, 00000009.00000002.6336760625.00000000661F4000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: msvcp120.i386.pdb source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000003045000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vccorlib140.i386.pdbGCTL source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\NLog\build\obj\Debug\.NET Framework 2.0\NLog.pdb source: AirDroidCast.exe, 00000009.00000002.6218378783.000000000BF02000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: msvcp140.i386.pdb source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000003045000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\Win-2623\download\chromium\src\out\Release\libcef.dll.pdb source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vccorlib120.i386.pdb source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\GitCode\tb-scrcyp\win\scrcpy-1.17lib\Win32\Debug\libscrcpy.pdb66 source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000003045000.00000004.00000020.00020000.00000000.sdmp

Source: global traffic	HTTP traffic detected: GET /p20/config/get?q=060171db4cdf21247c1106dd350462c553d869f2f6aa952e711efe06dd1efbc309196f07d75123bdd2e805ab9881a0a65983f146469c00e8959989774fcce1fc49df2dd68644032a677dbae13b26f87958db153d6b84bde73c4054cecc59167e374011feba57c5abf996e738f2328cdf9efe9dc6debee02e8ae353a220430037&_t=4b01aa57d89c4930828cc218434270fe&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: srv3.airdroid.com
Source: global traffic	HTTP traffic detected: GET /p20/config/get?q=060171db4cdf2124a748bf3099787f00ca8f311896c8501e99528cb63c8ed93d3c6e1f1786ab03871ec49c1d73049355af6b05b48c94538ed401a7824a1c1dd733092cfabc7c86949eab0fad91133ac1efd5a78a27bf69ec09e4cdad9e556bc4640745088d2470adbb9050b532896bdce5a58fe5471c8641&_t=1bfd2a911da54bd2b90dc561d3cd5196&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: srv3.airdroid.com
Source: global traffic	HTTP traffic detected: GET /?id=-999&st=gopush&side=pub&key=p-713--999&_t=ccb849caa0ba4cde8786dcfe4a60420e&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: lb.airdroid.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /p20/config/get?q=060171db4cdf2124790835ed4a14a722fb0a1ea01fb5d10db87f753d016ca5c7154675f8eb96f45f5e9e7e63137d451c38f3f0c7b4487c8f9b5659506404791cf4ae381e8652a49921f678278545d440&_t=a3b9b14e6e95428288f28e4cba19e9fc&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: srv3.airdroid.com
Source: global traffic	HTTP traffic detected: GET /p20/pc/getconfig?_t=a9de59c2c8bd41c9a88e34ed59bca69d&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: srv3.airdroid.com
Source: global traffic	HTTP traffic detected: GET /pushtodevicebyaccountid?appType=airdroid&accountId=-999&deviceType=phone&msg=%7b%22pid%22%3a%22734743740%22%2c%22uri%22%3a%22%5c%2fcfunc%5c%2fserver_info_response%5c%2f%22%2c%22result%22%3a%7b%22sname%22%3a%22066656%22%2c%22ip%22%3a%22192.168.2.4%22%2c%22fport%22%3a%2230001%22%2c%22channel_id%22%3a%22-999%22%7d%7d&expire=0&token=c3aadea79a48d66055f0a36f08994148&session=&_t=3a388f0f311a4ae2b177b192821786b1&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: push.airdroid.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /user/cantrial?q=7b81265dfb489e1ee9cd6e0341638d121e94fa51e9fde186b92c31e1ed68b1ec421a2be27e5a6cd3c5c0948d7fec53ce55af4ae424f65be44785e5110107fb7a&_t=7e2d5e07b5454a34be380176919b1e74&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: id-cast.airdroid.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /channel/save?key=p-713-&deviceType=PC&appType=airdroid&accountId=-999&appChannel=airdroid&token=0&session=&_t=70172575129846468ef6a2fb86fac030&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: push.airdroid.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /p20/DeviceAll/UpdateNetInfo?device_id=0aebe46aed374d01b57a5a418751ed64&mac=ECF4BBEA1588&local_ip=192.168.2.4&local_port=30001&session=&_t=edfe90c0fb2b4adba7cb5e7d79ae6273&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: srv3.airdroid.com
Source: global traffic	HTTP traffic detected: GET /p20/pc/getcustomurl?country=&lang=en&is_vip=0&is_unlock=0&app_channel=0&user_type=personal&_t=8c827a979e1145f8a009a7e50fe69b92&app_ver=1.2.1.0&device_type=63&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: srv3.airdroid.com
Source: global traffic	HTTP traffic detected: GET /sharecode/new/?q=b232ab4d8990730a5a18ac5e893e1c30ed666a6dabd904613d5043c1e43f807ab746797dc38e48bed2c6fb62c2597f18d2e805ab9881a0a6dfa54a844bac2d08e62b9b55b223cb128604f02b123554032ab6807638a3c77bbb9050b532896bdc05365709f880b8717fad0b77eea46025cb94582e5c39c7290175877a18f509fb24243c7b1c9a677dfe7e1666613a25a38672a7a66f9da128b6ac3da381a288df3a009444a9e20a520996ca55c27d36652e0a8c9ab2b34f316850eeef2d75e0a8afdff23b49f79128421a2be27e5a6cd3c5c0948d7fec53ced2e805ab9881a0a67d40ceea6d9d0d8b4e786dee9570650842c21cc6b4790dff&_t=8d469ef68b2d4cd5a754687b51c15374&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: id-cast.airdroid.com
Source: global traffic	HTTP traffic detected: GET /channel/save?key=p-713-&deviceType=PC&appType=airdroid&accountId=-999&appChannel=airdroid&token=0&session=&_t=bb8de68b59634c85a7d19d7cdd7ce770&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: push.airdroid.com
Source: global traffic	HTTP traffic detected: GET /p20/crossrecommend/getcrossrecommend?q=7b81265dfb489e1ee65fdc5bcd9589e7ddbed44605e23cf5b82aa069433fee17d2e805ab9881a0a6dfa54a844bac2d08e62b9b55b223cb128604f02b123554035480db629fbed72d354b04dfeef93d05481e8599b83a9041d7ebc9a573e03f0b44e9a6313eaac0dab8641e71b13c9e0400bb212cd4b7191d89cf20646cf12fd7f521f10f1dc970e8fb6dfa1a649f41a62ec62cfa1731602f4dab9ba34912bc52cb3f30f06e02f1d3&_t=6b0cdea836ec40c5aedce8e0f5da570d&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: srv3.airdroid.com
Source: global traffic	HTTP traffic detected: GET /p20/crossrecommend/getcrossrecommend?q=7b81265dfb489e1ee65fdc5bcd9589e7ddbed44605e23cf5b82aa069433fee17d2e805ab9881a0a6dfa54a844bac2d08e62b9b55b223cb128604f02b123554035480db629fbed72d354b04dfeef93d05481e8599b83a9041d7ebc9a573e03f0b44e9a6313eaac0dab8641e71b13c9e0400bb212cd4b7191d89cf20646cf12fd7f521f10f1dc970e8fb6dfa1a649f41a62ec62cfa1731602f4dab9ba34912bc52cb3f30f06e02f1d3&_t=9033b1b788ed4d07bb80582a0fdc589d&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: srv3.airdroid.com
Source: global traffic	HTTP traffic detected: GET /channel/save?key=p-713-&deviceType=PC&appType=airdroid&accountId=-999&appChannel=airdroid&token=0&session=&_t=8efb6c156acc495ea9ffe05072ab8145&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: push.airdroid.com
Source: global traffic	HTTP traffic detected: GET /p20/config/get?q=060171db4cdf21247c1106dd350462c553d869f2f6aa952e711efe06dd1efbc309196f07d75123bdd2e805ab9881a0a65983f146469c00e8959989774fcce1fc49df2dd68644032a677dbae13b26f87958db153d6b84bde73c4054cecc59167e374011feba57c5abf996e738f2328cdf9efe9dc6debee02e8ae353a220430037&_t=ce466132074f43d2a38f4cb1416e1215&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: srv3.airdroid.com
Source: global traffic	HTTP traffic detected: POST /cast/startup/?unique_id=ECF4BBEA1588&account_id=-999&device_id=&wan_ip=&local_ip=192.168.2.4&os=windows&os_version=64%20bit%7CWindows%2010%20Enterprise&app_version=1.2.1.0&network=&wifi_ssid=&type=1&device_type=63&channel=0&startup_time=2024-10-07%2009:57:18&using_duration=10&end_time=2024-10-07%2009:57:28&mac=ECF4BBEA1588&app_ver=1.2.1.0&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2 HTTP/1.1Content-Type: text/htmlHost: stat3.airdroid.comContent-Length: 386Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /p20/config/get?q=060171db4cdf2124f2510574a425110d991082c5820bc755711efe06dd1efbc309196f07d75123bdd2e805ab9881a0a65983f146469c00e8959989774fcce1fc49df2dd68644032a677dbae13b26f87958db153d6b84bde73c4054cecc59167e374011feba57c5abf996e738f2328cdf9efe9dc6debee02e8ae353a220430037&_t=44493533a46342ccbd047c74dcec1350&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: srv3.airdroid.com
Source: global traffic	HTTP traffic detected: GET /channel/save?key=p-713-&deviceType=PC&appType=airdroid&accountId=-999&appChannel=airdroid&token=0&session=&_t=98d109053230477d9221c316731e070d&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: push.airdroid.com
Source: global traffic	HTTP traffic detected: GET /p20/crossrecommend/getcrossrecommend?q=7b81265dfb489e1ee65fdc5bcd9589e7ddbed44605e23cf5b82aa069433fee17d2e805ab9881a0a6dfa54a844bac2d08e62b9b55b223cb128604f02b123554035480db629fbed72d354b04dfeef93d05481e8599b83a9041d7ebc9a573e03f0b44e9a6313eaac0dab8641e71b13c9e0400bb212cd4b7191d89cf20646cf12fd7f521f10f1dc970e8fb6dfa1a649f41a62ec62cfa1731602f4dab9ba34912bc52cb3f30f06e02f1d3&_t=0851dce681624a1295e68ebb91a6148c&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: srv3.airdroid.com
Source: global traffic	HTTP traffic detected: GET /p20/crossrecommend/getcrossrecommend?q=7b81265dfb489e1ee65fdc5bcd9589e7ddbed44605e23cf5b82aa069433fee17d2e805ab9881a0a6dfa54a844bac2d08e62b9b55b223cb128604f02b123554035480db629fbed72d354b04dfeef93d05481e8599b83a9041d7ebc9a573e03f0b44e9a6313eaac0dab8641e71b13c9e0400bb212cd4b7191d89cf20646cf12fd7f521f10f1dc970e8fb6dfa1a649f41a62ec62cfa1731602f4dab9ba34912bc52cb3f30f06e02f1d3&_t=7c9ffe77ca66447fa59db466fc0b27e0&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: srv3.airdroid.com
Source: global traffic	HTTP traffic detected: GET /p20/pc/upgradewebpackage?inner_version=1210&v=1.2.1.0&type=63&_t=41d71d0921b2479cbcf0865adb45a9ef&app_ver=1.2.1.0&device_type=63&app_channel=0&language=en&version=1210&os_verion=10.0&jtoken=&mode_type=2&account_id=0 HTTP/1.1Host: srv3.airdroid.com
Source: global traffic	HTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: /APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAEJanOM/f8BEauEo6GRqguxLgAJt0LBh1uWaBD08sPTthnLouxyOeqq8UXC40zxYtXUeuLL3jc98oc4sgTt8Qg5RgpVyPUGOqQCdIMU+jHj5jPNgpCOYLzgjk7/68jQbYqRpL5buJGDaKHJUU4Qzi5sjC1iwUwrkBZLfklCNSWdGai+iykzR0ELnFD4lJb88vZch+TXuihcRzjbZvJG6mFONQPa3ignNQpsSbQgkMM4xuASI/kaIM+YTU5dBQE1SH8k0CwZj5Yc3H1S94NyGSn+DeuALqccEE8gt3uchW9hnkYs9tmlAQt7GBc9BBk/kSpz+oHgE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1728295295819Host: self.events.data.microsoft.comContent-Length: 7973Connection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 104.18.137.17 104.18.137.17
Source: Joe Sandbox View	IP Address: 104.16.118.116 104.16.118.116
Source: Joe Sandbox View	IP Address: 104.16.78.142 104.16.78.142

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49826 -> 49.51.42.41:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49827 -> 49.51.42.41:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49859 -> 49.51.42.41:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49860 -> 49.51.42.41:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49890 -> 49.51.42.41:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49936 -> 170.106.112.204:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49891 -> 49.51.42.41:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49916 -> 49.51.181.65:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50005 -> 49.51.42.41:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50007 -> 170.106.112.204:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50009 -> 49.51.42.41:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49957 -> 49.51.42.41:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50022 -> 49.51.42.41:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50047 -> 170.106.112.204:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50066 -> 49.51.42.41:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50100 -> 49.51.42.41:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50101 -> 49.51.42.41:443

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown	TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown	TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown	TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown	TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60

Source: Helper.exe, 00000007.00000002.2240434241.0000000002D4E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <ShareToFacebook>https://www.facebook.com/dialog/share?app_id=145634995501895&display=popup&href=http%3A%2F%2Fwww.airdroid.com&redirect_uri=http%3A%2F%2Fwww.facebook.com</ShareToFacebook> equals www.facebook.com (Facebook)
Source: Helper.exe, 00000007.00000002.2240434241.0000000002D4E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <ShareToFacebook>https://www.facebook.com/dialog/share?app_id=145634995501895&display=popup&href=http%3A%2F%2Fwww.airdroid.com&redirect_uri=http%3A%2F%2Fwww.facebook.comfacebook.com</ShareToFacebook> equals www.facebook.com (Facebook)
Source: Helper.exe, 00000004.00000002.2146310629.0000000005F72000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: <iTongWeiBo>http://www.facebook.com/AppleAAThai</iTongWeiBo> equals www.facebook.com (Facebook)
Source: Helper.exe, 00000004.00000002.2146310629.0000000005F72000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: <iTongWeiBo>https://www.facebook.com/pages/%C4%90%E1%BB%93ng-B%E1%BB%99/625446587487119</iTongWeiBo> equals www.facebook.com (Facebook)
Source: Helper.exe, 00000004.00000002.2146310629.0000000005F72000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: <iTongWeiBo>https://www.facebook.com/pages/IClover/116533728554734</iTongWeiBo> equals www.facebook.com (Facebook)
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000004450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Memory.RendererUsedmail.google.com.gmaildocs.google.comdrive.google.com.docsplus.google.com.plusinbox.google.com.inboxwww.youtube.com.youtube.top10sina.com.cnfacebook.combaidu.comqq.comtwitter.comtaobao.comlive.comyahooamazonwikipediaRenderThreadImpl::InitSkiaRenderercontent::RenderThreadImpl::InitializeCompositorThreadcontent::RenderThreadImpl::ScheduleIdleHandlercontent::RenderThreadImpl::GetGpuFactorieschrome://gpu/RenderThreadImpl::CreateOffscreenContext3d_IpcMessageHandlerClass::OnCreateNewFrame_IpcMessageHandlerClass::OnCreateNewFrameProxy_IpcMessageHandlerClass::OnSetZoomLevelForCurrentURL_IpcMessageHandlerClass::OnCreateNewView_IpcMessageHandlerClass::OnNetworkConnectionChanged_IpcMessageHandlerClass::OnCreateNewSharedWorker_IpcMessageHandlerClass::OnUpdateTimezone_IpcMessageHandlerClass::OnPurgePluginListCacheRenderThreadImpl::EstablishGpuChannelSyncICU default timezone is set to Renderer::FILE equals www.youtube.com (Youtube)
Source: AirDroidCast.exe, 00000009.00000002.6038136579.000000000580E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: com.tumblr.https://www.tumblr.com/4com.google.android.youtube0https://www.youtube.com/,net.slickdeals.android,http://slickdeals.net/,com.soundcloud.android.https://soundcloud.com/0com.stackexchange.marvin2http://stackoverflow.com/ equals www.youtube.com (Youtube)
Source: AirDroidCast.exe, 00000009.00000002.6038136579.000000000580E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: com.whatsapp2https://web.whatsapp.com/&com.facebook.katana2https://www.facebook.com/"com.facebook.orca,org.telegram.messenger equals www.facebook.com (Facebook)
Source: AirDroidCast.exe, 00000009.00000002.6038136579.000000000580E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: default_new.pngcom.google.android.gm0https://mail.google.com/:com.google.android.apps.inbox2https://inbox.google.com/.com.google.android.keep0https://keep.google.com/&com.twitter.android(https://twitter.com/8com.google.android.apps.plusZhttps://plus.google.com/u/0/notifications/all6com.google.android.calendar>https://www.google.com/calendar&com.groupme.android0https://app.groupme.com/com.instagram.android*http://instagram.com/ equals www.twitter.com (Twitter)
Source: AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/dialog/oauth?client_id={0}&scope={1}&display=popup&redirect_uri={2}&response_type=codedhttp://www.facebook.com/connect/login_success.html8manage_pages,publish_actions equals www.facebook.com (Facebook)
Source: AirDroidCast.exe, 00000009.00000002.5999506937.0000000004071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/dialog/share?app_id=145634995501895&display=popup&href=http%3A%2F%2Fwww.airdroid.com&redirect_uri=http%3A%2F%2Fwww.facebook.com equals www.facebook.com (Facebook)
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000004450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: stat3.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: srv3.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: www.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: css-1-cdn.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: js-1-cdn.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: cdn1.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: img-4-cdn.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: img-5-cdn.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: img-1-cdn.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: img-2-cdn.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: img-3-cdn.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 96.4.1.0.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: lb.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: push.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: id-cast.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: js.hs-scripts.com
Source: global traffic	DNS traffic detected: DNS query: us-east-1-data.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: js.hsleadflows.net
Source: global traffic	DNS traffic detected: DNS query: js.hubspot.com
Source: global traffic	DNS traffic detected: DNS query: js.hs-analytics.net
Source: global traffic	DNS traffic detected: DNS query: js.usemessages.com
Source: global traffic	DNS traffic detected: DNS query: js.hsadspixel.net
Source: global traffic	DNS traffic detected: DNS query: js.hs-banner.com
Source: global traffic	DNS traffic detected: DNS query: api.hubapi.com
Source: global traffic	DNS traffic detected: DNS query: cta-service-cms2.hubspot.com
Source: global traffic	DNS traffic detected: DNS query: api.hubspot.com
Source: global traffic	DNS traffic detected: DNS query: forms.hubspot.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: track.hubspot.com
Source: global traffic	DNS traffic detected: DNS query: perf-na1.hsforms.com
Source: global traffic	DNS traffic detected: DNS query: m-embed.airdroid.com
Source: global traffic	DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: dl.airdroid.com

Source: postproc-55.dll.0.dr	Static PE information: Number of sections : 12 > 10
Source: avfilter-7.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: avcodec-58.dll.0.dr	Static PE information: Number of sections : 12 > 10

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DRyKK4Eby6agGce&MD=km2sG7cX HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /pc/installstat?mac=ECF4BBEA1588&os_ver=10%2E0&os_lang=2057&ui_lang=1033&air_ver=1.2.1.0&os=windows&step=1 HTTP/1.1User-Agent: NSIS InetBgDL (Mozilla)Host: stat3.airdroid.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /pc/installstat?mac=ECF4BBEA1588&os_ver=10%2E0&os_lang=2057&ui_lang=1033&air_ver=1.2.1.0&os=windows&step=2 HTTP/1.1User-Agent: NSIS InetBgDL (Mozilla)Host: stat3.airdroid.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /thankyou/install-airdroid-cast.html HTTP/1.1Host: www.airdroid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/css/main-b0d5f56ad2.min.css HTTP/1.1Host: css-1-cdn.airdroid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.airdroid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/nav-1965d8efa6.min.css HTTP/1.1Host: css-1-cdn.airdroid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.airdroid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/swiper-d339c965d0.min.css HTTP/1.1Host: css-1-cdn.airdroid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.airdroid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/thankCast-e792eba9a8.min.css HTTP/1.1Host: css-1-cdn.airdroid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.airdroid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/framework-d621d0521a.min.js HTTP/1.1Host: js-1-cdn.airdroid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.airdroid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5Host: srv3.airdroid.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DRyKK4Eby6agGce&MD=km2sG7cX HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/img/header/new-16d9649831.gif HTTP/1.1Host: cdn1.airdroid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://css-1-cdn.airdroid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: lang=en
Source: global traffic	HTTP traffic detected: GET /assets/img/header/pic_business-17c59424d8.png HTTP/1.1Host: cdn1.airdroid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://css-1-cdn.airdroid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: lang=en
Source: global traffic	HTTP traffic detected: GET /assets/img/sprite_1x_default-5d3c37748f.png HTTP/1.1Host: cdn1.airdroid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://css-1-cdn.airdroid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: lang=en
Source: global traffic	HTTP traffic detected: GET /assets/img/thankyou/ic_successful@2x-eee87c7ece.png HTTP/1.1Host: img-4-cdn.airdroid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.airdroid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: lang=en
Source: global traffic	HTTP traffic detected: GET /assets/img/thankyou/airplay_step02-966986a14c.gif HTTP/1.1Host: img-4-cdn.airdroid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.airdroid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: lang=en
Source: global traffic	HTTP traffic detected: GET /assets/img/logo/logo_bz-white@2x-5cb5211350.png HTTP/1.1Host: cdn1.airdroid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.airdroid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/img/sprite_2x_default-f15882b89f.png HTTP/1.1Host: cdn1.airdroid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://css-1-cdn.airdroid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: lang=en
Source: global traffic	HTTP traffic detected: GET /assets/img/logo/logo_green@2x-1cc91453e3.png HTTP/1.1Host: cdn1.airdroid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.airdroid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found

Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000003045000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp120.dll^ vs AirDroid_Cast_Desktop_Client_1.2.1.0.exe
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000003045000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dll^ vs AirDroid_Cast_Desktop_Client_1.2.1.0.exe
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: std::stringRefCountedStringTraceEventMemoryOverheadresident_size%s/%sWorkItemCallback::Run\VarFileInfo\TranslationCompanyShortNameCompanyNameProductNameInternalNameCommentsProductShortNameProductVersionLegalCopyrightLegalTrademarksFileDescriptionFileVersionPrivateBuildSpecialBuildOriginalFilenameOfficial BuildLastChange\StringFileInfo\%04x%04x\%ls1 vs AirDroid_Cast_Desktop_Client_1.2.1.0.exe
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibcef.dll vs AirDroid_Cast_Desktop_Client_1.2.1.0.exe
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibimd.dllB vs AirDroid_Cast_Desktop_Client_1.2.1.0.exe
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcr120.dll^ vs AirDroid_Cast_Desktop_Client_1.2.1.0.exe
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepostproc-55.dll. vs AirDroid_Cast_Desktop_Client_1.2.1.0.exe
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameswresample-3.dll. vs AirDroid_Cast_Desktop_Client_1.2.1.0.exe
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameswscale-5.dll. vs AirDroid_Cast_Desktop_Client_1.2.1.0.exe
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameucrtbase.dllj% vs AirDroid_Cast_Desktop_Client_1.2.1.0.exe
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevccorlib120.DLL^ vs AirDroid_Cast_Desktop_Client_1.2.1.0.exe
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevccorlib140.DLL^ vs AirDroid_Cast_Desktop_Client_1.2.1.0.exe
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000032CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dll^ vs AirDroid_Cast_Desktop_Client_1.2.1.0.exe
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.00000000031E2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcr100_clr0400.dll^ vs AirDroid_Cast_Desktop_Client_1.2.1.0.exe

Source: AirDroidCastInstaller.exe.0.dr, iPqB10mZn73WBojA0P.cs	Cryptographic APIs: 'CreateDecryptor'
Source: AirDroidCastInstaller.exe.0.dr, iPqB10mZn73WBojA0P.cs	Cryptographic APIs: 'CreateDecryptor'
Source: AirDroidCastInstaller.exe.0.dr, iPqB10mZn73WBojA0P.cs	Cryptographic APIs: 'CreateDecryptor'

Source: Helper.exe, 00000004.00000002.2137312482.0000000002507000.00000004.00000800.00020000.00000000.sdmp, Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, Helper.exe, 00000007.00000002.2240434241.0000000002D3E000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ,.abap,.as,.ada,.adb,.htaccess,.htgroups,.htpasswd,.conf,.asciidoc,.asm,.ahk,.bat,.cmd,.c9search_results,.cpp,.c,.cc,.cxx,.h,.hh,.hpp,.clj,.cbl,.cob,.coffee,.cf,.cson,.cakefile,.cfm,.cs,.css,.curly,.d,.di,.dart,.diff,.patch,.dot,.erl,.hrl,.ejs,.frt,.fs,.ldr,.ftl,.glsl,.frag,.vert,.go,.groovy,.haml,.hbs,.handlebars,.tpl,.mustache,.hs,.hx,.html,.htm,.xhtml,.cshtml,.erb,.rhtml,.ini,.cfg,.prefs,.jack,.jade,.java,.js,.jsm,.json,.oexe,.jq,.jsp,.jsx,.jl,.tex,.latex,.ltx,.bib,.less,.liquid,.lisp,.ls,.logic,.lql,.lsl,.lua,.lp,.lucene,.makefile,.gnumakefile,.ocamlmakefile,.make,.matlab,.md,.markdown,.mel,.mysql,.mc,.mush,.nix,.m,.mm,.ml,.mli,.pas,.p,.pl,.pm,.pgsql,.php,.phtml,.ps1,.plg,.prolog,.properties,.proto,.py,.r,.rd,.rb,.ru,.gemspec,.rake,.guardfile,.rakefile,.gemfile,.rs,.sass,.scad,.scala,.scm,.rkt,.scss,.sh,.bash,..bashrc,.sjs,.space,.snippets,.soy,.sql,.styl,.stylus,.svg,.tcl,.txt,.log,.textile,.toml,.twig,.ts,.typescript,.str,.vbs,.vm,.v,.vh,.sv,.svh,.xml,.rdf,.rss,.wsdl,.xslt,.atom,.mathml,.mml,.xul,.xbl,.xq,.yaml,.yml,.strings,.sln,.lang
Source: AirDroidCast.exe, 00000009.00000002.5999506937.0000000004071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ,.abap,.as,.ada,.adb,.htaccess,.htgroups,.htpasswd,.conf,.asciidoc,.asm,.ahk,.bat,.cmd,.c9search_results,.cpp,.c,.cc,.cxx,.h,.hh,.hpp,.clj,.cbl,.cob,.coffee,.cf,.cson,.cakefile,.cfm,.cs,.css,.curly,.d,.di,.dart,.diff,.patch,.dot,.erl,.hrl,.ejs,.frt,.fs,.ldr,.ftl,.glsl,.frag,.vert,.go,.groovy,.haml,.hbs,.handlebars,.tpl,.mustache,.hs,.hx,.html,.htm,.xhtml,.cshtml,.erb,.rhtml,.ini,.cfg,.prefs,.jack,.jade,.java,.js,.jsm,.json,.oexe,.jq,.jsp,.jsx,.jl,.tex,.latex,.ltx,.bib,.less,.liquid,.lisp,.ls,.logic,.lql,.lsl,.lua,.lp,.lucene,.makefile,.gnumakefile,.ocamlmakefile,.make,.matlab,.md,.markdown,.mel,.mysql,.mc,.mush,.nix,.m,.mm,.ml,.mli,.pas,.p,.pl,.pm,.pgsql,.php,.phtml,.ps1,.plg,.prolog,.properties,.proto,.py,.r,.rd,.rb,.ru,.gemspec,.rake,.guardfile,.rakefile,.gemfile,.rs,.sass,.scad,.scala,.scm,.rkt,.scss,.sh,.bash,..bashrc,.sjs,.space,.snippets,.soy,.sql,.styl,.stylus,.svg,.tcl,.txt,.log,.textile,.toml,.twig,.ts,.typescript,.str,.vbs,.vm,.v,.vh,.sv,.svh,.xml,.rdf,.rss,.wsdl,.xslt,.atom,.mathml,.mml,.xul,.xbl,.xq,.yaml,.yml,.strings,.sln,.lang4'^q4'^q

Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5596:120:WilError_03
Source: C:\Program Files (x86)\AirDroid Cast\usbmuxd\usbmuxd.exe	Mutant created: \Sessions\1\BaseNamedObjects\???d??????????
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5244:120:WilError_03

Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM [task] ORDER BY completed_time DESC,modify_time DESC, sort ASC;jSelect seq from [sqlite_sequence] WHERE [name]='task'LDELETE FROM [task] WHERE create_time<'0SELECT * from [task] {0},AND Description='{0}'
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM [task] {0} ORDER BY completed_time DESC,modify_time DESC, sort ASC; AND class='{0}'
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [play_record](dna,title,artist,album,genre,play_duration,duration,play_date,favorite,auto_play,upload) VALUES('{0}', '{1}', '{2}', '{3}','{4}' ,{5}, {6} , '{7}' ,{8},{9},{10});
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: select file_path from [music_info] where file_exist=1 and state=1l select wave from [music_info] where file_path='{0}';
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6336760625.00000000661F4000.00000002.00000001.01000000.0000002A.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: update [music_info] set wave_analysis={0} where file_path='{1}';nupdate [music_info] set wave_analysis=0, {0} where {1};
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT ROWID FROM [AirNotify] where Title='{0}' and Content='{1}' order by MsgDate desc limit 1;
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [music_info](file_path,music_category,music_folder,file_last_modify,file_size,file_exist,state,media_kind,width,height) VALUES('{0}','{1}','{2}','{3}','{4}',1,1,{5},{6},{7});
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: update [music_info] set file_exist_playlist={0} {1} where file_path='{2}';
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: select sql from sqlite_master where tbl_name='{0}' and type='table';
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: select [type],[SKU] from [OpenWith_Soft] where [UDID]='{0}' order by [ROWID] asc;
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6336760625.00000000661F4000.00000002.00000001.01000000.0000002A.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: select file_exist_playlist from [music_info] where file_path='{0}';
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: update [monitored_folder] set [isMonitor] = 0 where music_folder='{0}';
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: AirDroidCast.exe, 00000009.00000002.6336760625.00000000661F4000.00000002.00000001.01000000.0000002A.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6336760625.00000000661F4000.00000002.00000001.01000000.0000002A.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE [music_info] SET file_last_modify='{0}',music_category='{1}',music_folder='{2}' WHERE file_path='{3}';vUPDATE [music_info] SET file_exist=0 WHERE file_path='{0}';^delete from [music_info] where file_path='{0}';Xinsert into [music_info]({0}) values({1});
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6336760625.00000000661F4000.00000002.00000001.01000000.0000002A.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Select Identifier from [Ignore_Package_Info] where DeviceId ={0}xSelect rowid from [Ignore_Device_Info] where DeviceId='{0}';
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6336760625.00000000661F4000.00000002.00000001.01000000.0000002A.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT ROWID FROM [task] WHERE [name]='{0}' AND (save_path='{1}' or save_path='{2}');
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: select [type],[SKU] from [OpenWith_Soft] where [UDID]='{0}' and type={1} order by [ROWID] asc;
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6336760625.00000000661F4000.00000002.00000001.01000000.0000002A.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE [music_info] SET file_last_modify='{0}',music_category='{1}',music_folder='{2}',state={3} WHERE file_path='{4}';
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6336760625.00000000661F4000.00000002.00000001.01000000.0000002A.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6336760625.00000000661F4000.00000002.00000001.01000000.0000002A.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: AirDroidCast.exe, 00000009.00000002.6336760625.00000000661F4000.00000002.00000001.01000000.0000002A.sdmp	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);
Source: Helper.exe, 00000004.00000002.2140928933.0000000003448000.00000004.00000800.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.6038136579.0000000005071000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: select [InputPath],[OutputPath],[Name],[Format],[FileSize],[Duration],[Status] from [MediaConvert] where 1=1;

Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Automated click: OK
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Automated click: Next >
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Automated click: I Agree
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Automated click: Install

Source: avcodec-58.dll.0.dr	Static PE information: section name: .rotext
Source: avcodec-58.dll.0.dr	Static PE information: section name: .rodata
Source: avfilter-7.dll.0.dr	Static PE information: section name: .rodata
Source: ffmpeg.dll.0.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr	Static PE information: section name: .voltbl
Source: libAirPlay.dll.0.dr	Static PE information: section name: _RDATA
Source: libVD.dll.0.dr	Static PE information: section name: _RDATA
Source: libVD_x64.dll.0.dr	Static PE information: section name: _RDATA
Source: libWebRTC.dll.0.dr	Static PE information: section name: .rodata
Source: libcef.dll.0.dr	Static PE information: section name: .rodata
Source: libcef.dll.0.dr	Static PE information: section name: _RDATA
Source: libscrcpy.dll.0.dr	Static PE information: section name: .textbss
Source: libscrcpy.dll.0.dr	Static PE information: section name: .msvcjmc
Source: libscrcpy.dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: postproc-55.dll.0.dr	Static PE information: section name: .xdata
Source: vccorlib120.dll.0.dr	Static PE information: section name: minATL
Source: vccorlib140.dll.0.dr	Static PE information: section name: minATL
Source: vcruntime140.dll.0.dr	Static PE information: section name: _RDATA
Source: VirtualDesktop.dll.0.dr	Static PE information: section name: _RDATA

Source: libimdusb.dll.0.dr	Static PE information: section name: .text entropy: 6.89308602799101
Source: msvcr100.dll.0.dr	Static PE information: section name: .text entropy: 6.9169969425576285
Source: msvcr120.dll.0.dr	Static PE information: section name: .text entropy: 6.95576372950548
Source: usbmuxd.exe.0.dr	Static PE information: section name: .text entropy: 6.866055164425

Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\DIHConfig.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz8AD9.tmp\LangDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\driver\dpinst32.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz8AD9.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\jmdns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz8AD9.tmp\InstallOptions.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\SDL2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\avformat-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\vccorlib140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\avdevice-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\libVD_x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\driver\x86\libusb0_x86.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\usbmuxd\libusb-1.0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\libcef.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\IncludeAdb\AdbWinUsbApi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\msvcr120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\avfilter-7.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\AirDroid_CefSharp.Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\System.Data.SQLite.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\AirDroid_CefSharp.BrowserSubprocess.Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\IKVM.OpenJDK.Charsets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\InTheHand.Net.Personal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz8AD9.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\AirDroidCastInstaller.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\driver\dpscat.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\d3dcompiler_43.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\AirDroidHelper.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\AirDroid_CefSharp.WinForms.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\libVD.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\NLog.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\IncludeAdb\aapt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\usbmuxd\libusb0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\IKVM.OpenJDK.Text.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\driver\dpinst64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\SQLite.Interop.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\avutil-56.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\DIHConfig_x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\swscale-5.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\AirDroid_CefSharp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\postproc-55.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\driver\amd64\libusb0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\Launcher.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\swresample-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\QTConfig.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz8AD9.tmp\InetBgDL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\libAirPlay.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\driver\x86\libusb0.sys	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\QRCoder.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\IncludeAdb\AdbWinApi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\IKVM.OpenJDK.Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\IncludeAdb\adb_helper.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\driver\amd64\libusb0.sys	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\vccorlib120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\Android.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\libimdusb.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\libusb0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\msvcr100.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\driver\x86\libusbK_x86.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\android_connect.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\avcodec-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\libWebRTC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\VirtualDesktop\VirtualDesktop.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\usbmuxd\usbmuxd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\driver\amd64\libusbK.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\IKVM.OpenJDK.Util.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\libscrcpy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\IKVM.Runtime.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\concrt140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file

Windows Analysis Report AirDroid_Cast_Desktop_Client_1.2.1.0.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

Phishing

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
AirDroid_Cast_Desktop_Client_1.2.1.0.exe

Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid Cast	Jump to behavior
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid Cast\AirDroid Cast.lnk	Jump to behavior
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid Cast\Uninstall.lnk	Jump to behavior

Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 980000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2440000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 4440000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2BE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2C50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 4C50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe	Memory allocated: 2630000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe	Memory allocated: 4070000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe	Memory allocated: 3EA0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 1480000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2FF0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 4FF0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2AF0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2C70000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 4C70000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 1810000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 33F0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 3230000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2710000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 28A0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 48A0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2D20000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2F30000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 4F30000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: B10000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 24E0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 44E0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2AF0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2D90000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2AF0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: E40000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2820000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: FE0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2BD0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2E50000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2C60000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 16F0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 3140000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 5140000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: D40000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2810000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 4810000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: AF0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2690000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: AF0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2640000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 26C0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 46C0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2A80000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2C70000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2A80000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 16C0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 3150000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2EC0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2250000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 23C0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 43C0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2D40000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2F90000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2DC0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 3190000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 33A0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 31B0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 1330000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 32A0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 1450000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 950000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2640000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 4640000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 1330000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2FA0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 4FA0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 1000000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2A10000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2810000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 980000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 25D0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2400000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2400000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 25B0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 45B0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2780000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 29C0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Memory allocated: 2780000 memory reserve \| memory write watch

Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Thread delayed: delay time: 600000

Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe	Window / User API: threadDelayed 526
Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe	Window / User API: threadDelayed 526
Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe	Window / User API: threadDelayed 401
Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe	Window / User API: threadDelayed 4534
Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe	Window / User API: threadDelayed 2199
Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe	Window / User API: foregroundWindowGot 1753
Source: C:\Program Files (x86)\AirDroid Cast\usbmuxd\usbmuxd.exe	Window / User API: threadDelayed 9996
Source: C:\Program Files (x86)\AirDroid Cast\IncludeAdb\adb_helper.exe	Window / User API: threadDelayed 7794
Source: C:\Program Files (x86)\AirDroid Cast\IncludeAdb\adb_helper.exe	Window / User API: threadDelayed 2174
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Window / User API: threadDelayed 374
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Window / User API: threadDelayed 452

Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz8AD9.tmp\LangDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\DIHConfig.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\driver\dpinst32.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz8AD9.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\jmdns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz8AD9.tmp\InstallOptions.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\avformat-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\vccorlib140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\avdevice-58.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\libVD_x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\driver\x86\libusb0_x86.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\libcef.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\msvcr120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\avfilter-7.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\AirDroid_CefSharp.Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\System.Data.SQLite.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\AirDroid_CefSharp.BrowserSubprocess.Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\InTheHand.Net.Personal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\IKVM.OpenJDK.Charsets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz8AD9.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\AirDroidCastInstaller.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\driver\dpscat.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\AirDroidHelper.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\d3dcompiler_43.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\AirDroid_CefSharp.WinForms.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\libVD.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\NLog.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\IncludeAdb\aapt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\IKVM.OpenJDK.Text.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\driver\dpinst64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\SQLite.Interop.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\DIHConfig_x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\AirDroid_CefSharp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\postproc-55.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\QTConfig.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz8AD9.tmp\InetBgDL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\libAirPlay.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\driver\x86\libusb0.sys	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\QRCoder.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\IKVM.OpenJDK.Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\driver\amd64\libusb0.sys	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\Android.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\vccorlib120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\libimdusb.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\driver\x86\libusbK_x86.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\android_connect.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\libWebRTC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\VirtualDesktop\VirtualDesktop.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\IKVM.OpenJDK.Util.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\libscrcpy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\IKVM.Runtime.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\concrt140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AirDroid Cast\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file

Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6536	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5172	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2316	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe TID: 1220	Thread sleep time: -16602069666338586s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\AirDroidCast.exe TID: 2516	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\usbmuxd\usbmuxd.exe TID: 3852	Thread sleep time: -99960s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\IncludeAdb\adb_helper.exe TID: 7052	Thread sleep time: -7794000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\IncludeAdb\adb_helper.exe TID: 7052	Thread sleep time: -2174000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5812	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 1620	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2996	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5812	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2736	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 8140	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 8100	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7172	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2736	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6464	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 4296	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6488	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6464	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6296	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7220	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 1440	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6296	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2740	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7184	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7256	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2740	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6360	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 340	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7612	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 928	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6360	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5968	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 1472	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6364	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5968	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 4016	Thread sleep count: 44 > 30
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 1740	Thread sleep count: 97 > 30
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 4452	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 3648	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2436	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 4452	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 1976	Thread sleep count: 32 > 30
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5680	Thread sleep count: 262 > 30
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6788	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7880	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 1532	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6788	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 4076	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6196	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5116	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 4076	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7936	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 732	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 8036	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7936	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 1516	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6316	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5196	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 1516	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 3704	Thread sleep count: 43 > 30
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5860	Thread sleep count: 177 > 30
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 1348	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5864	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 4464	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 1348	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5668	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5144	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7976	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5668	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2872	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 1708	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 3476	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2872	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7792	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6724	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5728	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7820	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7792	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5836	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6332	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7832	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7396	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5836	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7776	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7664	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2344	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7776	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 1028	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 4920	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5648	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 1028	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 8152	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2312	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7920	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 8152	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 3060	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 5844	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2892	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 3060	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 3096	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7716	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 6984	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 3096	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2328	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7476	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 7460	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2328	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2076	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 3152	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 716	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 2076	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 9044	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 8996	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 8956	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe TID: 9044	Thread sleep time: -600000s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\AirDroid Cast\IncludeAdb\adb_helper.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\AirDroid Cast\Helper.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File Volume queried: C:\Program Files (x86) FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\AirDroid_Cast_Desktop_Client_1.2.1.0.exe	File Volume queried: C:\Program Files (x86) FullSizeInformation			Jump to behavior

Source: Helper.exe, 00000004.00000002.2146310629.0000000005F72000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: eqEmuVL8Ia4
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: usbmuxd.exe, 0000000F.00000003.4452594356.0000000000F73000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Inc.
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2403956126.0000000004825000.00000004.00000020.00020000.00000000.sdmp, AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000003.2371933145.0000000004825000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Launcher.exe, 00000006.00000002.2322790341.00000000018B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll(>
Source: Helper.exe, 00000007.00000002.2237470874.0000000000FBA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: Helper.exe, 00000004.00000002.2146310629.0000000005F72000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: ,~BVMCI
Source: Helper.exe, 00000004.00000002.2146310629.0000000005F72000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: evMCicOVHH7
Source: AirDroidCast.exe, 00000009.00000002.6169870870.00000000092B2000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: VirtualMachineError
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: EADS Deutschland GmbHVMware, Inc.AGFA-Gevaert NVPhoto AIO Printer 922Sentech CameraEyeTV DiversityPSX Vibration Feedback ConverterGamtec.,Ltd SmartJoy PLUS AdapterCruzer MiniMC70 Rugged Mobile ComputerXR21V1410 USB-UART ICCanoScan D660UCatalinaExpert mouseCLOCK USB II
Source: Helper.exe, 00000007.00000002.2327414893.0000000006510000.00000004.00000020.00020000.00000000.sdmp, AirDroidCast.exe, 00000009.00000002.5967265325.00000000024AC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Gearway Electronics (Dong Guan) Co., Ltd.INGENICOSharp Corp.VMMobile Disk IIIBluetooth 2.0 adapter 100m CN-521v2 001 Backpack 40GB Hard DriveWG121(v1) 54 Mbps Wireless [Intersil ISL3886]USA-18X PDAInternal Keyboard/Trackpad (JIS)Nostromo 1745 GamePadPX-A650 [Stylus CX4700/CX4800/DX4800/DX4850]Savi Office Base Stationremote key/mouse/storage for P3 chipPhotoSmart 7345VMware Inc.ASUSTek Computer, Inc.MindShare, Inc.GDS-3000 OscilloscopePL512 Power Supply SystemG240 802.11bgWL-188 Wireless Network 300N USB AdapterBackPackWG121(v2) 54 Mbps Wireless [Intersil ISL3886]USA-28Xb PDA [no firmware]Aluminum Mini Keyboard (ANSI)Nostromo N50 GamePadPM-A750 [Stylus Photo RX520/RX530]USB DSP v4 Audio Interfaceremote storage for P3 chipDeskJet 630c`
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000003CCA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMnet
Source: Helper.exe, 00000004.00000002.2146310629.0000000005F72000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: cVmCiE9yFTd
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: xvmcidct
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: TMT Technology, Inc.Spyrus, Inc.Qemu Audio DeviceWL532U 802.11g Adapter8055 Experiment Interface Board (address=2)PicoScope 2000 series PC OscilloscopeFrontline Test Equipment Bluetooth DeviceAVerTVEfficient ADSL ModemVS-700 M23D Optical MouseDigital IXUS 55WingMan Formula ForceRemote NDIS Network DeviceHDM Interface
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000003.2015852449.0000000000865000.00000004.00000020.00020000.00000000.sdmp, AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000003.1927462378.0000000000869000.00000004.00000020.00020000.00000000.sdmp, AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000003.1988610284.0000000000869000.00000004.00000020.00020000.00000000.sdmp, AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000003.1957867712.0000000000869000.00000004.00000020.00020000.00000000.sdmp, AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000003.2015370719.0000000000865000.00000004.00000020.00020000.00000000.sdmp, AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2378705742.0000000000861000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(y
Source: Helper.exe, 00000007.00000002.2237470874.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000003CCA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: e:\win-2623\download\chromium\src\net\proxy\polling_proxy_config_service.ccnet::PollingProxyConfigService::Core::CheckForChangesNownet::PollingProxyConfigService::Core::PollOnWorkerThreade:\win-2623\download\chromium\src\net\base\network_interfaces_win.cc%WINDIR%\system32\wlanapi.dllWlanOpenHandleWlanEnumInterfacesWlanQueryInterfaceWlanSetInterfaceWlanFreeMemoryWlanCloseHandleVMnetGetAdaptersAddresses failed: V(
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Qemu Audio Device
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: yuv420pyuyv422rgb24bgr24yuv422pyuv444pyuv410pyuv411pgray8,y8monowmonobpal8yuvj420pyuvj422pyuvj444pxvmcmcxvmcidctuyvy422uyyvyy411bgr8bgr4bgr4_bytergb8rgb4rgb4_bytenv12nv21argbabgrbgragray16bey16begray16ley16leyuv440pyuvj440pyuva420pvdpau_h264vdpau_mpeg1vdpau_mpeg2vdpau_wmv3vdpau_vc1rgb48bergb48lergb565bergb565lergb555bergb555lebgr565bebgr565lebgr555bebgr555levaapi_mocovaapi_idctvaapi_vldyuv420p16leyuv420p16beyuv422p16leyuv422p16beyuv444p16leyuv444p16bevdpau_mpeg4dxva2_vldrgb444lergb444bebgr444lebgr444beya8gray8abgr48bebgr48leyuv420p9beyuv420p9leyuv420p10beyuv420p10leyuv422p10beyuv422p10leyuv444p9beyuv444p9leyuv444p10beyuv444p10leyuv422p9beyuv422p9levda_vldgbrpgbrp9begbrp9legbrp10begbrp10legbrp16begbrp16leyuva422pyuva444pyuva420p9beyuva420p9leyuva422p9beyuva422p9leyuva444p9beyuva444p9leyuva420p10beyuva420p10leyuva422p10beyuva422p10leyuva444p10beyuva444p10leyuva420p16beyuva420p16leyuva422p16beyuva422p16leyuva444p16beyuva444p16levdpauxyz12lexyz12benv16nv20lenv20bergba64bergba64lebgra64bebgra64leyvyu422vdaya16beya16legbrapgbrap16begbrap16leqsvmmald3d11va_vld0rgbrgb00bgrbgr0yuv420p12beyuv420p12leyuv420p14beyuv420p14leyuv422p12beyuv422p12leyuv422p14beyuv422p14leyuv444p12beyuv444p12leyuv444p14beyuv444p14legbrp12begbrp12legbrp14begbrp14leyuvj411pbayer_bggr8bayer_rggb8bayer_gbrg8bayer_grbg8bayer_bggr16lebayer_bggr16bebayer_rggb16lebayer_rggb16bebayer_gbrg16lebayer_gbrg16bebayer_grbg16lebayer_grbg16beyuv440p10leyuv440p10beyuv440p12leyuv440p12beayuv64leayuv64bevideotoolbox_vldsmpte428-1log100log316iec61966-2-4bt1361eiec61966-2-1bt2020-10bt2020-20gbrycgcobt2020ncbt2020crgb32bgr32subtitle@
Source: usbmuxd.exe, 0000000F.00000003.4452594356.0000000000F73000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: AirDroid_Cast_Desktop_Client_1.2.1.0.exe, 00000000.00000002.2390369800.0000000002806000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Screen Codec / VMware Video
Source: usbmuxd.exe, 0000000F.00000003.4452594356.0000000000F73000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}