Windows Analysis Report
JtDj8LXROa.exe

Overview

General Information

Sample name: JtDj8LXROa.exe
Renamed because the original name is a hash value
Original sample name: d05072998fa8197eea94c4d66dfb89f6.exe
Analysis ID: 1529362
MD5: d05072998fa8197eea94c4d66dfb89f6
SHA1: 86df4d971ff887f27e0138e146fb89ad1a3e6db0
SHA256: 5665d60c2745ec2f9f07446993d491d5a26360a873095ec5df711947ac854f68
Tags: 32, exe, trojan

Detection

Socks5Systemz
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Socks5Systemz
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to infect the boot sector
Machine Learning detection for dropped file
PE file has a writeable .text section
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: txttosub32_64.exe.7584.2.memstrmin Malware Configuration Extractor: Socks5Systemz {"C2 list": ["dioimyp.info"]}
Source: JtDj8LXROa.exe ReversingLabs: Detection: 15%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\ProgramData\Eurofighter Typhoon Game 10.8.45\Eurofighter Typhoon Game 10.8.45.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00459A70 GetProcAddress,GetProcAddress,GetProcAddress,ISCryptGetVersion, 1_2_00459A70
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00459B24 ArcFourCrypt, 1_2_00459B24
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00459B3C ArcFourCrypt, 1_2_00459B3C
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_10001000 ISCryptGetVersion, 1_2_10001000
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_10001130 ArcFourCrypt, 1_2_10001130

Compliance

Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Unpacked PE file: 2.2.txttosub32_64.exe.400000.0.unpack
Source: JtDj8LXROa.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0046CA58 FindFirstFileA,FindNextFileA,FindClose, 1_2_0046CA58
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00450A2C FindFirstFileA,GetLastError, 1_2_00450A2C
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00474EB4 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_00474EB4
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0045E01C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_0045E01C
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0045CB7C FindFirstFileA,FindNextFileA,FindClose, 1_2_0045CB7C
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00473164 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_00473164
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0048B510 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, 1_2_0048B510
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0045DC88 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_0045DC88
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows

Networking

Source: Network traffic Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49753 -> 185.208.158.248:80
Source: Network traffic Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49753 -> 185.208.158.248:80
Source: Malware configuration extractor URLs: dioimyp.info
Source: global traffic TCP traffic: 192.168.2.4:49759 -> 89.105.201.183:2023
Source: Joe Sandbox View IP Address: 185.208.158.248
Source: Joe Sandbox View IP Address: 89.105.201.183
Source: Joe Sandbox View ASN Name: SIMPLECARRER2IT
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf715c1e69c9e3c HTTP/1.1
Host: dioimyp.info
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee94814a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b415e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9d9e3ac4669211 HTTP/1.1
Host: dioimyp.info
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee94814a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b415e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9d9e3ac4669211 HTTP/1.1Host: dioimyp.infoUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee94814a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b415e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9d9e3ac4669211 HTTP/1.1Host: dioimyp.infoUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee94814a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b415e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9d9e3ac4669211 HTTP/1.1Host: dioimyp.infoUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee94814a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b415e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9d9e3ac4669211 HTTP/1.1Host: dioimyp.infoUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: unknown TCP traffic detected without corresponding DNS query: 89.105.201.183
Source: unknown UDP traffic detected without corresponding DNS query: 45.155.250.90
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02D972AB Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,InternetOpenA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_strtok,_swscanf,_strtok,_free,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,_sprintf,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_free, 2_2_02D972AB
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf715c1e69c9e3c HTTP/1.1Host: dioimyp.infoUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee94814a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b415e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9d9e3ac4669211 HTTP/1.1Host: dioimyp.infoUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic DNS traffic detected: DNS query: dioimyp.info
Source: txttosub32_64.exe, 00000002.00000002.2985433217.0000000000B49000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.208.158.248/
Source: txttosub32_64.exe, 00000002.00000002.2987911275.0000000003392000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.208.158.248/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee948
Source: txttosub32_64.exe, 00000002.00000002.2985433217.0000000000B49000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.208.158.248/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
Source: JtDj8LXROa.exe, 00000000.00000003.1729957915.0000000002320000.00000004.00001000.00020000.00000000.sdmp, JtDj8LXROa.exe, 00000000.00000002.2985052299.0000000002088000.00000004.00001000.00020000.00000000.sdmp, is-3J7FL.tmp, 00000001.00000002.2985152205.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, is-3J7FL.tmp, 00000001.00000003.1733440877.000000000227C000.00000004.00001000.00020000.00000000.sdmp, is-3J7FL.tmp, 00000001.00000003.1732936599.0000000003230000.00000004.00001000.00020000.00000000.sdmp, is-3J7FL.tmp, 00000001.00000002.2985568481.000000000226C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://fsf.org/
Source: is-044SQ.tmp.1.dr String found in binary or memory: http://mingw-w64.sourceforge.net/X
Source: is-FNN9L.tmp.1.dr String found in binary or memory: http://tukaani.org/
Source: is-FNN9L.tmp.1.dr String found in binary or memory: http://tukaani.org/xz/
Source: JtDj8LXROa.exe, 00000000.00000003.1729957915.0000000002320000.00000004.00001000.00020000.00000000.sdmp, JtDj8LXROa.exe, 00000000.00000002.2985052299.0000000002088000.00000004.00001000.00020000.00000000.sdmp, is-3J7FL.tmp, 00000001.00000002.2985152205.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, is-3J7FL.tmp, 00000001.00000003.1733440877.000000000227C000.00000004.00001000.00020000.00000000.sdmp, is-3J7FL.tmp, 00000001.00000003.1732936599.0000000003230000.00000004.00001000.00020000.00000000.sdmp, is-3J7FL.tmp, 00000001.00000002.2985568481.000000000226C000.00000004.00001000.00020000.00000000.sdmp, is-HL3OV.tmp.1.dr String found in binary or memory: http://www.gnu.org/licenses/
Source: JtDj8LXROa.exe String found in binary or memory: http://www.innosetup.com
Source: is-3J7FL.tmp, is-3J7FL.tmp, 00000001.00000002.2984623064.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-APE3N.tmp.1.dr, is-3J7FL.tmp.0.dr String found in binary or memory: http://www.innosetup.com/
Source: JtDj8LXROa.exe, 00000000.00000003.1730578339.0000000002320000.00000004.00001000.00020000.00000000.sdmp, JtDj8LXROa.exe, 00000000.00000003.1730772731.0000000002094000.00000004.00001000.00020000.00000000.sdmp, is-3J7FL.tmp, 00000001.00000002.2984886905.000000000049D000.00000002.00000001.01000000.00000004.sdmp, is-APE3N.tmp.1.dr, is-3J7FL.tmp.0.dr String found in binary or memory: http://www.innosetup.comDVarFileInfo$
Source: JtDj8LXROa.exe, 00000000.00000003.1730578339.0000000002320000.00000004.00001000.00020000.00000000.sdmp, JtDj8LXROa.exe, 00000000.00000003.1730772731.0000000002094000.00000004.00001000.00020000.00000000.sdmp, is-3J7FL.tmp, is-3J7FL.tmp, 00000001.00000002.2984623064.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-APE3N.tmp.1.dr, is-3J7FL.tmp.0.dr String found in binary or memory: http://www.remobjects.com/?ps
Source: JtDj8LXROa.exe, 00000000.00000003.1730578339.0000000002320000.00000004.00001000.00020000.00000000.sdmp, JtDj8LXROa.exe, 00000000.00000003.1730772731.0000000002094000.00000004.00001000.00020000.00000000.sdmp, is-3J7FL.tmp, 00000001.00000002.2984623064.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-APE3N.tmp.1.dr, is-3J7FL.tmp.0.dr String found in binary or memory: http://www.remobjects.com/?psU

System Summary

Source: txttosub32_64.exe.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Eurofighter Typhoon Game 10.8.45.exe.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00423AFC NtdllDefWindowProc_A, 1_2_00423AFC
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00412550 NtdllDefWindowProc_A, 1_2_00412550
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0045483C PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A, 1_2_0045483C
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_00401A4F: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, 2_2_00401A4F
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_00409088 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 0_2_00409088
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00453298 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 1_2_00453298
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_004081FC 0_2_004081FC
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_004346A4 1_2_004346A4
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00468A78 1_2_00468A78
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00461058 1_2_00461058
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00475D10 1_2_00475D10
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00430248 1_2_00430248
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_004444DC 1_2_004444DC
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_004448E8 1_2_004448E8
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0045ABB8 1_2_0045ABB8
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0046305C 1_2_0046305C
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0043D0C4 1_2_0043D0C4
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0047B110 1_2_0047B110
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0048169C 1_2_0048169C
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0042F7EC 1_2_0042F7EC
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0044383C 1_2_0044383C
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_004339A0 1_2_004339A0
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00457CDC 1_2_00457CDC
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00443DE4 1_2_00443DE4
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_00401051 2_2_00401051
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_00401C26 2_2_00401C26
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02DAE18D 2_2_02DAE18D
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02DA9E84 2_2_02DA9E84
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02DB4E29 2_2_02DB4E29
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02D9EFAD 2_2_02D9EFAD
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02DADC99 2_2_02DADC99
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02DA8442 2_2_02DA8442
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02DAAC3A 2_2_02DAAC3A
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02DB2DB4 2_2_02DB2DB4
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02DAE5A5 2_2_02DAE5A5
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02DCBCEB 2_2_02DCBCEB
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02DCB4E5 2_2_02DCB4E5
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02DCBD58 2_2_02DCBD58
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: String function: 00403418 appears 60 times
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: String function: 00451298 appears 63 times
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: String function: 00405974 appears 92 times
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: String function: 004034AC appears 81 times
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: String function: 00406A10 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: String function: 00454E8C appears 90 times
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: String function: 00445418 appears 58 times
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: String function: 00408B90 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: String function: 00407878 appears 37 times
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: String function: 004338B8 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: String function: 0040369C appears 194 times
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: String function: 00445148 appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: String function: 0045507C appears 49 times
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: String function: 02DA8AE0 appears 37 times
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: String function: 02DB5330 appears 139 times
Source: is-3J7FL.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-3J7FL.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-3J7FL.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-3J7FL.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-APE3N.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-APE3N.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-APE3N.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-APE3N.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-OINQS.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: is-MIIEA.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: is-044SQ.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: is-UDOMJ.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: is-4PF6P.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: is-FNN9L.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: is-JLHGP.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: is-QL93H.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: is-45KG3.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: is-HL3OV.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: is-S3DSP.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: JtDj8LXROa.exe, 00000000.00000003.1730578339.0000000002320000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs JtDj8LXROa.exe
Source: JtDj8LXROa.exe, 00000000.00000003.1730578339.0000000002320000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilename6 vs JtDj8LXROa.exe
Source: JtDj8LXROa.exe, 00000000.00000003.1730772731.0000000002094000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs JtDj8LXROa.exe
Source: JtDj8LXROa.exe, 00000000.00000003.1730772731.0000000002094000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilename6 vs JtDj8LXROa.exe
Source: JtDj8LXROa.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: txttosub32_64.exe.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: _RegDLL.tmp.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: _setup64.tmp.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Eurofighter Typhoon Game 10.8.45.exe.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: classification engine Classification label: mal100.troj.evad.winEXE@5/69@1/2
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02DA08B8 FormatMessageA,GetLastError, 2_2_02DA08B8
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_00409088 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 0_2_00409088
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00453298 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 1_2_00453298
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00453AC8 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA, 1_2_00453AC8
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: CreateServiceA, 2_2_0040B04C
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00453EB0 CoCreateInstance,CoCreateInstance,SysFreeString, 1_2_00453EB0
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_0040979C FindResourceA,SizeofResource,LoadResource,LockResource, 0_2_0040979C
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_0040B34A StartServiceCtrlDispatcherA, 2_2_0040B34A
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub
Source: C:\Users\user\Desktop\JtDj8LXROa.exe File created: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: JtDj8LXROa.exe ReversingLabs: Detection: 15%
Source: C:\Users\user\Desktop\JtDj8LXROa.exe File read: C:\Users\user\Desktop\JtDj8LXROa.exe
Source: unknown Process created: C:\Users\user\Desktop\JtDj8LXROa.exe "C:\Users\user\Desktop\JtDj8LXROa.exe"
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Process created: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp "C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp" /SL4 $10482 "C:\Users\user\Desktop\JtDj8LXROa.exe" 3710467 52224
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Process created: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe "C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe" -i
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: dsound.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: appxsip.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: opcservices.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Window found: window name: TMainForm
Source: Window Recorder Window detected: More than 3 window changes detected
Source: JtDj8LXROa.exe Static file information: File size 3981762 > 1048576

Data Obfuscation

Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Unpacked PE file: 2.2.txttosub32_64.exe.400000.0.unpack .text:EW;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Unpacked PE file: 2.2.txttosub32_64.exe.400000.0.unpack
Source: is-J2GOF.tmp.1.dr Static PE information: 0x8C00008C [Mon Jun 6 07:19:40 2044 UTC]
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00447880 LoadLibraryA,GetProcAddress, 1_2_00447880
Source: is-E99MS.tmp.1.dr Static PE information: section name: /4
Source: is-QL93H.tmp.1.dr Static PE information: section name: /4
Source: is-45KG3.tmp.1.dr Static PE information: section name: /4
Source: is-TITH4.tmp.1.dr Static PE information: section name: /4
Source: is-4931H.tmp.1.dr Static PE information: section name: /4
Source: is-3E0BT.tmp.1.dr Static PE information: section name: /4
Source: is-HL3OV.tmp.1.dr Static PE information: section name: /4
Source: is-J2GOF.tmp.1.dr Static PE information: section name: /4
Source: is-RT5D9.tmp.1.dr Static PE information: section name: /4
Source: is-FNN9L.tmp.1.dr Static PE information: section name: /4
Source: is-R0B0H.tmp.1.dr Static PE information: section name: /4
Source: is-JLHGP.tmp.1.dr Static PE information: section name: /4
Source: is-F583D.tmp.1.dr Static PE information: section name: /4
Source: is-4PF6P.tmp.1.dr Static PE information: section name: /4
Source: is-S3DSP.tmp.1.dr Static PE information: section name: /4
Source: is-UDOMJ.tmp.1.dr Static PE information: section name: /4
Source: is-OINQS.tmp.1.dr Static PE information: section name: /4
Source: is-4D90I.tmp.1.dr Static PE information: section name: /4
Source: is-MIIEA.tmp.1.dr Static PE information: section name: /4
Source: is-T9B97.tmp.1.dr Static PE information: section name: /4
Source: is-U6VV1.tmp.1.dr Static PE information: section name: /4
Source: is-RD9OC.tmp.1.dr Static PE information: section name: /4
Source: is-QREK9.tmp.1.dr Static PE information: section name: /4
Source: is-0GII4.tmp.1.dr Static PE information: section name: /4
Source: is-8S82H.tmp.1.dr Static PE information: section name: /4
Source: is-044SQ.tmp.1.dr Static PE information: section name: /4
Source: is-KVJ9F.tmp.1.dr Static PE information: section name: /4
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_00406510 push 0040654Dh; ret 0_2_00406545
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_004040B5 push eax; ret 0_2_004040F1
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_00404185 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_00404206 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_004042E8 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_00404283 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_00408B58 push 00408B8Bh; ret 0_2_00408B83
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_00407EB8 push ecx; mov dword ptr [esp], eax 0_2_00407EBD
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_004098D0 push 0040990Dh; ret 1_2_00409905
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0047A114 push ecx; mov dword ptr [esp], ecx 1_2_0047A119
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00430248 push ecx; mov dword ptr [esp], eax 1_2_0043024D
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_004062B0 push ecx; mov dword ptr [esp], eax 1_2_004062B1
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00450364 push 00450397h; ret 1_2_0045038F
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0040A5BC push eax; retn 0040h 1_2_0040A5BD
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00410648 push ecx; mov dword ptr [esp], edx 1_2_0041064D
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0040A600 push eax; ret 1_2_0040A601
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_004427B4 push ecx; mov dword ptr [esp], ecx 1_2_004427B8
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0045A874 push ecx; mov dword ptr [esp], eax 1_2_0045A879
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0040A8D2 pushad ; iretd 1_2_0040A8D9
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_004128A0 push 00412903h; ret 1_2_004128FB
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00456934 push 00456978h; ret 1_2_00456970
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00478B88 push 00478C66h; ret 1_2_00478C5E
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0040CFA0 push ecx; mov dword ptr [esp], edx 1_2_0040CFA2
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00405485 push eax; ret 1_2_004054C1
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00405555 push 00405761h; ret 1_2_00405759
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0040F500 push ecx; mov dword ptr [esp], edx 1_2_0040F502
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_004055D6 push 00405761h; ret 1_2_00405759
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00405653 push 00405761h; ret 1_2_00405759
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_004056B8 push 00405761h; ret 1_2_00405759
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00419BA0 push ecx; mov dword ptr [esp], ecx 1_2_00419BA5
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00409F8B push ds; ret 1_2_00409FB5
Source: txttosub32_64.exe.1.dr Static PE information: section name: .text entropy: 6.848714535360274
Source: Eurofighter Typhoon Game 10.8.45.exe.2.dr Static PE information: section name: .text entropy: 6.848714535360274

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 2_2_00401A4F
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 2_2_02D9F7D6
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Temp\is-IEO87.tmp\_isetup\_RegDLL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libgobject-2.0-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libglibmm-2.4-1.dll (copy)
Source: C:\Users\user\Desktop\JtDj8LXROa.exe File created: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libgcc_s_dw2-1.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libintl-8.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libgraphite2.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libgmodule-2.0-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-3E0BT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-OINQS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-T9B97.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Temp\is-IEO87.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-S3DSP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libpangocairo-1.0-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libpangowin32-1.0-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-8S82H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libtiff-5.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-QL93H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\liblzma-5.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libjpeg-8.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-JLHGP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-0GII4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libharfbuzz-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-4PF6P.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-E99MS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-TITH4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libgdk-win32-2.0-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libpangomm-1.4-1.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-RT5D9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Temp\is-IEO87.tmp\_isetup\_iscrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libpcre-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-MIIEA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\librsvg-2-2.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\uninstall\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-45KG3.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libpangoft2-1.0-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-U6VV1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-FNN9L.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-KVJ9F.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-UDOMJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libpixman-1-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libpango-1.0-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-HL3OV.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\zlib1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-F583D.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libsigc-2.0-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libwinpthread-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\uninstall\is-APE3N.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libgomp-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-RD9OC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-4D90I.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-R0B0H.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-044SQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libpng16-16.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Temp\is-IEO87.tmp\_isetup\_shfoldr.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe File created: C:\ProgramData\Eurofighter Typhoon Game 10.8.45\Eurofighter Typhoon Game 10.8.45.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-QREK9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\liblcms2-2.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-4931H.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\is-J2GOF.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libgdk_pixbuf-2.0-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File created: C:\Users\user\AppData\Local\Raff Txt To Sub\libgdkmm-2.4-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe File created: C:\ProgramData\Eurofighter Typhoon Game 10.8.45\Eurofighter Typhoon Game 10.8.45.exe Jump to dropped file

Boot Survival

Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 2_2_00401A4F
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 2_2_02D9F7D6
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_0040B34A StartServiceCtrlDispatcherA, 2_2_0040B34A
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00423B84 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 1_2_00423B84
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00424154 IsIconic,SetActiveWindow,SetFocus, 1_2_00424154
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0042410C IsIconic,SetActiveWindow, 1_2_0042410C
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_004182FC IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 1_2_004182FC
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00478558 IsIconic,GetWindowLongA,ShowWindow,ShowWindow, 1_2_00478558
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_004227D4 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 1_2_004227D4
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00417510 IsIconic,GetCapture, 1_2_00417510
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00417C46 IsIconic,SetWindowPos, 1_2_00417C46
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00417C48 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 1_2_00417C48
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0044A684 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 1_2_0044A684
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 2_2_00401B4B
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 2_2_02D9F8DA
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Window / User API: threadDelayed 5305
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Window / User API: threadDelayed 4553
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-IEO87.tmp\_isetup\_RegDLL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libgobject-2.0-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libglibmm-2.4-1.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libgcc_s_dw2-1.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libintl-8.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libgraphite2.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libgmodule-2.0-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-3E0BT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-OINQS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-T9B97.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-IEO87.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-S3DSP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libpangocairo-1.0-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libpangowin32-1.0-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-8S82H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libtiff-5.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-QL93H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\liblzma-5.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libjpeg-8.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-JLHGP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-0GII4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libharfbuzz-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-4PF6P.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-TITH4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-E99MS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libpangomm-1.4-1.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libgdk-win32-2.0-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-RT5D9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libpcre-1.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-IEO87.tmp\_isetup\_iscrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-MIIEA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\librsvg-2-2.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\uninstall\unins000.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-45KG3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libpangoft2-1.0-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-U6VV1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-FNN9L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-KVJ9F.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-UDOMJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libpixman-1-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libpango-1.0-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-HL3OV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\zlib1.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-F583D.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libsigc-2.0-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libwinpthread-1.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\uninstall\is-APE3N.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libgomp-1.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-RD9OC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-4D90I.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-R0B0H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-044SQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libpng16-16.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-IEO87.tmp\_isetup\_shfoldr.dll
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-QREK9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\liblcms2-2.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-4931H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\is-J2GOF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libgdk_pixbuf-2.0-0.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Raff Txt To Sub\libgdkmm-2.4-1.dll (copy)
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe TID: 7588 Thread sleep count: 5305 > 30
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe TID: 7588 Thread sleep time: -10610000s >= -30000s
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe TID: 8076 Thread sleep count: 67 > 30
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe TID: 8076 Thread sleep time: -4020000s >= -30000s
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe TID: 7588 Thread sleep count: 4553 > 30
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe TID: 7588 Thread sleep time: -9106000s >= -30000s
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe File opened: PhysicalDrive0
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0046CA58 FindFirstFileA,FindNextFileA,FindClose, 1_2_0046CA58
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00450A2C FindFirstFileA,GetLastError, 1_2_00450A2C
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00474EB4 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_00474EB4
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0045E01C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_0045E01C
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0045CB7C FindFirstFileA,FindNextFileA,FindClose, 1_2_0045CB7C
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00473164 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_00473164
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0048B510 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, 1_2_0048B510
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0045DC88 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_0045DC88
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_004096E0 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery, 0_2_004096E0
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: is-3J7FL.tmp, 00000001.00000002.2985152205.00000000007BC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: txttosub32_64.exe, 00000002.00000002.2985433217.0000000000B6E000.00000004.00000020.00020000.00000000.sdmp, txttosub32_64.exe, 00000002.00000002.2985433217.0000000000B68000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: txttosub32_64.exe, 00000002.00000002.2985433217.0000000000A78000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW(
Source: C:\Users\user\Desktop\JtDj8LXROa.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02DB00FE RtlEncodePointer,RtlEncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer, 2_2_02DB00FE
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00447880 LoadLibraryA,GetProcAddress, 1_2_00447880
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02D9648B RtlInitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,GetTickCount,GetVersionExA,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_malloc,_malloc,_malloc,QueryPerformanceCounter,Sleep,_malloc,_malloc,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection, 2_2_02D9648B
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02DA9468 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_02DA9468
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_0045950C GetVersion,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,AllocateAndInitializeSid,LocalFree, 1_2_0045950C
Source: C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe Code function: 2_2_02D9F78E cpuid 2_2_02D9F78E
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: GetLocaleInfoA, 0_2_00405154
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: GetLocaleInfoA, 0_2_004051A0
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: GetLocaleInfoA, 1_2_004084EC
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: GetLocaleInfoA, 1_2_00408538
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_004559D8 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle, 1_2_004559D8
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_004026C4 GetSystemTime, 0_2_004026C4
Source: C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp Code function: 1_2_00453230 GetUserNameA, 1_2_00453230
Source: C:\Users\user\Desktop\JtDj8LXROa.exe Code function: 0_2_00405C3C GetVersionExA, 0_2_00405C3C

Stealing of Sensitive Information

Source: Yara match File source: 00000002.00000002.2987018343.0000000002D91000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2986892779.0000000002CE3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: txttosub32_64.exe PID: 7584, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: 00000002.00000002.2987018343.0000000002D91000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2986892779.0000000002CE3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: txttosub32_64.exe PID: 7584, type: MEMORYSTR