Windows Analysis Report
DeskTimeSetup.exe

Overview

General Information

Sample name:	DeskTimeSetup.exe
Analysis ID:	1592086
MD5:	a1a315b9d8c9001f399cac6b91db3c10
SHA1:	5105cb81dc44f026fa06b9c4872f66d30eac3eb4
SHA256:	3f13cf8df8fccb04382a04448495e175db56129be546633ba1fc5d247a46fc0d
Infos:

Detection

Score:	24
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Signatures

Installs a global keyboard hook

Tries to delay execution (extensive OutputDebugStringW loop)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Installs a global mouse hook

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Stores files to the Windows start menu directory

Uses 32bit PE files

Classification

Signatures

Uses 32bit PE files

Source: DeskTimeSetup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DeskTime_is1

Jump to behavior

Source: DeskTimeSetup.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 68.183.17.53:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.59.93.85:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50058 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50067 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50068 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50071 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50077 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50076 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50082 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50094 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50104 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50105 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50108 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50110 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50112 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50120 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50122 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50127 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50130 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50131 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50132 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50133 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50135 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50136 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50138 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50140 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50144 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50145 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50146 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50147 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50148 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50150 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50156 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50157 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50164 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50184 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50189 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50196 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50197 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50200 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50201 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50204 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50210 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50211 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50212 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50215 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50219 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50220 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50222 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50223 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50224 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50225 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50227 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50228 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50235 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50236 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50238 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50241 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50242 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50243 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50244 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50246 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50247 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50250 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50251 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50252 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50255 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50257 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50258 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50259 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50262 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50263 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50265 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50266 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50268 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50270 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50271 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50273 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50280 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50281 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50282 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50284 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50285 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50288 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50290 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50291 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50298 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50303 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50311 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50321 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50323 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50326 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50329 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50331 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50334 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50335 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50336 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50337 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50339 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50341 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50342 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50346 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50352 version: TLS 1.2

Source: DeskTimeSetup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: n0C:\Windows\DeskTime.pdb source: DeskTime.exe, 00000003.00000002.4518934346.0000000007E0B000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: DeskTime.exe, 00000003.00000002.4506275274.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\ArmandsDukurs\source\repos\windows-client\DeskTime\DeskTime\obj\Release\DeskTime.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4506275274.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr
Source:	Binary string: C:\Users\ArmandsDukurs\source\repos\windows-client\DeskTime\DeskTime\obj\Release\DeskTime.pdbdF"~F" pF"_CorExeMainmscoree.dll source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4506275274.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr
Source:	Binary string: f:\mydev\inno-download-plugin\unicode\idp.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.0000000007620000.00000004.00001000.00020000.00000000.sdmp, idp.dll.2.dr
Source:	Binary string: c:\projects\CrashReporter.NET\CrashReporter.NET\obj\Any CPU\Release-NET462\CrashReporter.NET.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr
Source:	Binary string: d:\Bjornar\SVN\istool\isxdl\trunk\source\Release\isxdl.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, isxdl.dll.2.dr
Source:	Binary string: re.pdb source: DeskTime.exe, 00000003.00000002.4518934346.0000000007E0B000.00000004.00000010.00020000.00000000.sdmp

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /api/v3/json/ping HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /api/v3/json/ping HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: us.desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /api/v3/json/ping HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: in.desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close

Source: global traffic	DNS traffic detected: DNS query: in.desktime.com
Source: global traffic	DNS traffic detected: DNS query: desktime.com
Source: global traffic	DNS traffic detected: DNS query: us.desktime.com

Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.0000000007620000.00000004.00001000.00020000.00000000.sdmp, idp.dll.2.dr	String found in binary or memory: http://bitbucket.org/mitrich_k/inno-download-plugin
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002BBD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://desktime.com
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002BBD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://desktime.comd
Source: is-PVMFV.tmp.2.dr	String found in binary or memory: http://drdump.com/Service/CrashReporterReportUploader.svc
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr	String found in binary or memory: http://drdump.com/Service/CrashReporterReportUploader.svcY
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr	String found in binary or memory: http://google.com
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr	String found in binary or memory: http://linkedin.com
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.0000000007620000.00000004.00001000.00020000.00000000.sdmp, idp.dll.2.dr	String found in binary or memory: http://mitrichsoftware.wordpress.comB
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/DeskTime
Source: DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr	String found in binary or memory: http://twitter.com
Source: isxdl.dll.2.dr	String found in binary or memory: http://www.istool.org/
Source: DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.com
Source: DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.com/api/v3/json/ping
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr	String found in binary or memory: https://desktime.com/https://in.desktime.com
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000003038000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.com/updates/win/update/
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002BBD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.com/updates/win/version/?json=true&current=1.3.668
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.com/updates/win/version/?json=true&current=1.3.668(
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.com/updates/win/version/?json=true&current=1.3.668WS
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.com/updates/win/version/?json=true&current=1.3.668y
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002BBD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.comD
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr	String found in binary or memory: https://drdump.com/Service/CrashReporterReportUploader.svcQCrashReporterDotNET.Properties.Resources
Source: DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://in.desktime.com
Source: DeskTimeSetup.exe	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr	String found in binary or memory: https://local.desktime.com
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr	String found in binary or memory: https://us.desktime.com
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr	String found in binary or memory: https://www.drdump.com/services
Source: is-PVMFV.tmp.2.dr	String found in binary or memory: https://www.drdump.com/services/IdolSoftware.DoctorDump.CrashReporterGate.CrashReporterReportUploade
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr	String found in binary or memory: https://www.drdump.com/servicesT
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr	String found in binary or memory: https://www.drdump.com/servicesTU
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr	String found in binary or memory: https://www.drdump.com/servicesX
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: DeskTimeSetup.exe, 00000000.00000003.2054777843.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, DeskTimeSetup.exe, 00000000.00000003.2052044765.00000000025C0000.00000004.00001000.00020000.00000000.sdmp, DeskTimeSetup.tmp, 00000002.00000000.2056745898.0000000000401000.00000020.00000001.01000000.00000004.sdmp, DeskTimeSetup.tmp.0.dr, is-COTMF.tmp.2.dr	String found in binary or memory: https://www.innosetup.com/
Source: DeskTimeSetup.exe, 00000000.00000003.2054777843.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, DeskTimeSetup.exe, 00000000.00000003.2052044765.00000000025C0000.00000004.00001000.00020000.00000000.sdmp, DeskTimeSetup.tmp, 00000002.00000000.2056745898.0000000000401000.00000020.00000001.01000000.00000004.sdmp, DeskTimeSetup.tmp.0.dr, is-COTMF.tmp.2.dr	String found in binary or memory: https://www.remobjects.com/ps
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2185025827.0000000000666000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr	String found in binary or memory: https://www.telerik.com/blogs/winforms-scaling-at-large-dpi-settings-is-it-even-possible

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 50210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 50187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50293 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 50209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 50336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50281 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50216
Source: unknown	Network traffic detected: HTTP traffic on port 50277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50337
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50336
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50218
Source: unknown	Network traffic detected: HTTP traffic on port 50254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50339
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50338
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50219
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50331
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50330
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50212
Source: unknown	Network traffic detected: HTTP traffic on port 50225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50333
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50332
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50214
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50335
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50213
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50334
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50328 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50349
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50340
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50221
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50342
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50220
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50341
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50223
Source: unknown	Network traffic detected: HTTP traffic on port 50339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50344
Source: unknown	Network traffic detected: HTTP traffic on port 50352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50222
Source: unknown	Network traffic detected: HTTP traffic on port 50243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50225
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50224
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50345
Source: unknown	Network traffic detected: HTTP traffic on port 50289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50237
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50239
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50230
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50351
Source: unknown	Network traffic detected: HTTP traffic on port 50317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50353
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50234
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50233
Source: unknown	Network traffic detected: HTTP traffic on port 50351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50354
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50357
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50235
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50356
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50249
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50241
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50245
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50247
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50246
Source: unknown	Network traffic detected: HTTP traffic on port 50266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50250
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50338 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50303
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50305
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50307
Source: unknown	Network traffic detected: HTTP traffic on port 50278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50309
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50300
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50301
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50316
Source: unknown	Network traffic detected: HTTP traffic on port 50256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50319
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50318
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50313
Source: unknown	Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50312
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50325
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50328
Source: unknown	Network traffic detected: HTTP traffic on port 50196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50327
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50208
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50329
Source: unknown	Network traffic detected: HTTP traffic on port 50245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50320
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50321
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50323
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50295
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50297
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50299
Source: unknown	Network traffic detected: HTTP traffic on port 50319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50182
Source: unknown	Network traffic detected: HTTP traffic on port 50286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50183
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50186
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50188
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50187
Source: unknown	Network traffic detected: HTTP traffic on port 50331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50189
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50190
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50193
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50195
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50194
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50197
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50196
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 50332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50198
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50354 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50139
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50138
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50259
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50252
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50254
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443

Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 68.183.17.53:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.59.93.85:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50058 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50067 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50068 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50071 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50077 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50076 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50082 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50094 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50104 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50105 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50108 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50110 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50112 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50120 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50122 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50127 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50130 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50131 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50132 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50133 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50135 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50136 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50138 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50140 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50144 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50145 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50146 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50147 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50148 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50150 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50156 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50157 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50164 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50184 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50189 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50196 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50197 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50200 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50201 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50204 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50210 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50211 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50212 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50215 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50219 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50220 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50222 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50223 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50224 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50225 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50227 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50228 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50235 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50236 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50238 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50241 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50242 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50243 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50244 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50246 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50247 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50250 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50251 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50252 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50255 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50257 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50258 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50259 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50262 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50263 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50265 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50266 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50268 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50270 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50271 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50273 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50280 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50281 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50282 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50284 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50285 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50288 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50290 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50291 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50298 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50303 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50311 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50321 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50323 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50326 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50329 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50331 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50334 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50335 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50336 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50337 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50339 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50341 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50342 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50346 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50352 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Installs a global keyboard hook

Installs a global mouse hook

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

Windows user hook set: 0 mouse low level C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

Jump to behavior

Abnormal high CPU Usage

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

Process Stats: CPU usage > 49%

PE file contains executable resources (Code or Archives)

Source: DeskTimeSetup.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-COTMF.tmp.2.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows

Sample file is different than original file name gathered from version info

Source: DeskTimeSetup.exe, 00000000.00000003.2201075773.0000000002328000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs DeskTimeSetup.exe
Source: DeskTimeSetup.exe, 00000000.00000000.2047822557.00000000004C6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs DeskTimeSetup.exe
Source: DeskTimeSetup.exe, 00000000.00000003.2054777843.000000007FE16000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs DeskTimeSetup.exe
Source: DeskTimeSetup.exe, 00000000.00000003.2052044765.00000000028AA000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs DeskTimeSetup.exe
Source: DeskTimeSetup.exe	Binary or memory string: OriginalFileName vs DeskTimeSetup.exe

Uses 32bit PE files

Source: DeskTimeSetup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: sus24.spyw.evad.winEXE@7/21@4/3

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Mutant created: \Sessions\1\BaseNamedObjects\{7096C69E-67B0-425E-8D11-485A7C74A337}

Source: C:\Users\user\Desktop\DeskTimeSetup.exe

File created: C:\Users\user\AppData\Local\Temp\is-T4572.tmp

Jump to behavior

Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\DeskTimeSetup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: DeskTimeSetup.exe

String found in binary or memory: /LOADINF="filename"

Source: C:\Users\user\Desktop\DeskTimeSetup.exe

File read: C:\Users\user\Desktop\DeskTimeSetup.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\DeskTimeSetup.exe "C:\Users\user\Desktop\DeskTimeSetup.exe"
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp "C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp" /SL5="$10462,1981594,885248,C:\Users\user\Desktop\DeskTimeSetup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process created: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe "C:\Users\user\AppData\Local\DeskTime\DeskTime.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe "C:\Users\user\AppData\Local\DeskTime\DeskTime.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe "C:\Users\user\AppData\Local\DeskTime\DeskTime.exe"
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp "C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp" /SL5="$10462,1981594,885248,C:\Users\user\Desktop\DeskTimeSetup.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process created: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe "C:\Users\user\AppData\Local\DeskTime\DeskTime.exe"	Jump to behavior

Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: cryptbase.dll

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: DeskTime.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\DeskTime\DeskTime.exe
Source: Uninstall DeskTime.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\DeskTime\unins000.exe

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

Window found: window name: TMainForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DeskTime_is1

Jump to behavior

Source: DeskTimeSetup.exe

Static PE information: certificate valid

Source: DeskTimeSetup.exe

Static file information: File size 2842472 > 1048576

Source: DeskTimeSetup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: n0C:\Windows\DeskTime.pdb source: DeskTime.exe, 00000003.00000002.4518934346.0000000007E0B000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: DeskTime.exe, 00000003.00000002.4506275274.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\ArmandsDukurs\source\repos\windows-client\DeskTime\DeskTime\obj\Release\DeskTime.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4506275274.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr
Source:	Binary string: C:\Users\ArmandsDukurs\source\repos\windows-client\DeskTime\DeskTime\obj\Release\DeskTime.pdbdF"~F" pF"_CorExeMainmscoree.dll source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4506275274.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr
Source:	Binary string: f:\mydev\inno-download-plugin\unicode\idp.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.0000000007620000.00000004.00001000.00020000.00000000.sdmp, idp.dll.2.dr
Source:	Binary string: c:\projects\CrashReporter.NET\CrashReporter.NET\obj\Any CPU\Release-NET462\CrashReporter.NET.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr
Source:	Binary string: d:\Bjornar\SVN\istool\isxdl\trunk\source\Release\isxdl.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, isxdl.dll.2.dr
Source:	Binary string: re.pdb source: DeskTime.exe, 00000003.00000002.4518934346.0000000007E0B000.00000004.00000010.00020000.00000000.sdmp

PE file contains sections with non-standard names

Source: DeskTimeSetup.exe	Static PE information: section name: .didata
Source: DeskTimeSetup.tmp.0.dr	Static PE information: section name: .didata
Source: is-COTMF.tmp.2.dr	Static PE information: section name: .didata

Source: is-9GV88.tmp.2.dr	Static PE information: section name: .text entropy: 6.8162174963582425
Source: is-PKMHG.tmp.2.dr	Static PE information: section name: .text entropy: 6.849037050450508

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\es\is-5PQBT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\idp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	File created: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\lv\DeskTime.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\lv\is-9GV88.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\es\is-PKMHG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\es\CrashReporter.NET.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\is-PVMFV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\CrashReporter.NET.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\es\DeskTime.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\is-COTMF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\isxdl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\is-NHIFB.tmp	Jump to dropped file

Stores files to the Windows start menu directory

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskTime	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskTime\DeskTime.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskTime\Uninstall DeskTime.lnk	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DeskTime			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DeskTime			Jump to behavior

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior

Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to delay execution (extensive OutputDebugStringW loop)

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

Section loaded: OutputDebugStringW count: 1896

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 27A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 2950000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 4950000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 1830000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 3290000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 3040000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 1830000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 3400000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 5400000 memory reserve \| memory write watch

Contains long sleeps (>= 3 min)

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 597843	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 597047	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Window / User API: threadDelayed 3487			Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Window / User API: threadDelayed 6299			Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\es\is-5PQBT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\idp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\lv\DeskTime.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\lv\is-9GV88.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\es\is-PKMHG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\es\CrashReporter.NET.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\is-PVMFV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\CrashReporter.NET.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\es\DeskTime.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\isxdl.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5560	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -26747778906878833s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -99874s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -99766s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -99657s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -99532s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -99395s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -99125s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -99016s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98905s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98828s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98718s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98594s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98467s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98359s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98250s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98140s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98031s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -97921s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -97807s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -135000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44887s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44781s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44672s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44562s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44453s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44343s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44208s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44092s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -43968s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -43852s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44937s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44828s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44719s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44610s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44500s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44391s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44266s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44141s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -597843s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44890s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44547s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44437s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44328s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -597047s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 7536	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 7900	Thread sleep time: -922337203685477s >= -30000s

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 99874	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 99766	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 99657	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 99532	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 99395	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 99125	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 99016	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98905	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98828	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98718	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98594	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98467	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98359	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98250	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98140	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98031	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 97921	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 97807	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 45000	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44887	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44781	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44672	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44562	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44453	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44343	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44208	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44092	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 43968	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 43852	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44937	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44828	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44719	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44610	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44500	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44391	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44266	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44141	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 597843	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44890	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44547	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44437	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44328	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 597047	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477

Source: DeskTimeSetup.tmp, 00000002.00000003.2194406213.00000000009FB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}S
Source: DeskTime.exe, 00000003.00000002.4516844027.0000000005FB7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

Process information queried: ProcessInformation

Jump to behavior

Enables debug privileges

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

Memory allocated: page read and write | page guard

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Users\user\AppData\Local\DeskTime\CrashReporter.NET.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe VolumeInformation
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Users\user\AppData\Local\DeskTime\CrashReporter.NET.dll VolumeInformation
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe VolumeInformation
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Users\user\AppData\Local\DeskTime\CrashReporter.NET.dll VolumeInformation
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.22.9.120	desktime.com	United States	13335	CLOUDFLARENETUS	false
68.183.17.53	us.desktime.com	United States	14061	DIGITALOCEAN-ASNUS	false
139.59.93.85	in.desktime.com	Singapore	14061	DIGITALOCEAN-ASNUS	false

Contacted Domains

Name	IP	Active
us.desktime.com	68.183.17.53	true
in.desktime.com	139.59.93.85	true
desktime.com	104.22.9.120	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://in.desktime.com/api/v3/json/ping	false	Avira URL Cloud: safe	unknown
https://desktime.com/updates/win/version/?json=true&current=1.3.668	false		high
https://desktime.com/api/v3/json/ping	false		high
https://us.desktime.com/api/v3/json/ping	false	Avira URL Cloud: safe	unknown

Uses 32bit PE files

Source: DeskTimeSetup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DeskTime_is1

Jump to behavior

Source: DeskTimeSetup.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 68.183.17.53:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.59.93.85:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50058 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50067 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50068 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50071 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50077 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50076 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50082 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50094 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50104 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50105 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50108 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50110 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50112 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50120 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50122 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50127 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50130 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50131 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50132 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50133 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50135 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50136 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50138 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50140 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50144 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50145 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50146 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50147 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50148 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50150 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50156 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50157 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50164 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50184 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50189 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50196 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50197 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50200 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50201 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50204 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50210 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50211 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50212 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50215 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50219 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50220 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50222 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50223 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50224 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50225 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50227 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50228 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50235 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50236 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50238 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50241 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50242 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50243 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50244 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50246 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50247 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50250 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50251 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50252 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50255 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50257 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50258 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50259 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50262 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50263 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50265 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50266 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50268 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50270 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50271 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50273 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50280 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50281 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50282 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50284 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50285 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50288 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50290 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50291 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50298 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50303 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50311 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50321 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50323 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50326 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50329 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50331 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50334 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50335 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50336 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50337 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50339 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50341 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50342 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50346 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50352 version: TLS 1.2

Source: DeskTimeSetup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: n0C:\Windows\DeskTime.pdb source: DeskTime.exe, 00000003.00000002.4518934346.0000000007E0B000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: DeskTime.exe, 00000003.00000002.4506275274.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\ArmandsDukurs\source\repos\windows-client\DeskTime\DeskTime\obj\Release\DeskTime.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4506275274.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr
Source:	Binary string: C:\Users\ArmandsDukurs\source\repos\windows-client\DeskTime\DeskTime\obj\Release\DeskTime.pdbdF"~F" pF"_CorExeMainmscoree.dll source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4506275274.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr
Source:	Binary string: f:\mydev\inno-download-plugin\unicode\idp.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.0000000007620000.00000004.00001000.00020000.00000000.sdmp, idp.dll.2.dr
Source:	Binary string: c:\projects\CrashReporter.NET\CrashReporter.NET\obj\Any CPU\Release-NET462\CrashReporter.NET.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr
Source:	Binary string: d:\Bjornar\SVN\istool\isxdl\trunk\source\Release\isxdl.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, isxdl.dll.2.dr
Source:	Binary string: re.pdb source: DeskTime.exe, 00000003.00000002.4518934346.0000000007E0B000.00000004.00000010.00020000.00000000.sdmp

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /api/v3/json/ping HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /api/v3/json/ping HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: us.desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /api/v3/json/ping HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: in.desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /updates/win/version/?json=true&current=1.3.668 HTTP/1.1User-Agent: DeskTime Windows Client v1.3.668Accept-Encoding: gzip, deflateHost: desktime.comConnection: Close

Source: global traffic	DNS traffic detected: DNS query: in.desktime.com
Source: global traffic	DNS traffic detected: DNS query: desktime.com
Source: global traffic	DNS traffic detected: DNS query: us.desktime.com

Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.0000000007620000.00000004.00001000.00020000.00000000.sdmp, idp.dll.2.dr	String found in binary or memory: http://bitbucket.org/mitrich_k/inno-download-plugin
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002BBD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://desktime.com
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002BBD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://desktime.comd
Source: is-PVMFV.tmp.2.dr	String found in binary or memory: http://drdump.com/Service/CrashReporterReportUploader.svc
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr	String found in binary or memory: http://drdump.com/Service/CrashReporterReportUploader.svcY
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr	String found in binary or memory: http://google.com
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr	String found in binary or memory: http://linkedin.com
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.0000000007620000.00000004.00001000.00020000.00000000.sdmp, idp.dll.2.dr	String found in binary or memory: http://mitrichsoftware.wordpress.comB
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002A2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/DeskTime
Source: DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr	String found in binary or memory: http://twitter.com
Source: isxdl.dll.2.dr	String found in binary or memory: http://www.istool.org/
Source: DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.com
Source: DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.com/api/v3/json/ping
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr	String found in binary or memory: https://desktime.com/https://in.desktime.com
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000003038000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.com/updates/win/update/
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002BBD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.com/updates/win/version/?json=true&current=1.3.668
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.com/updates/win/version/?json=true&current=1.3.668(
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.com/updates/win/version/?json=true&current=1.3.668WS
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.com/updates/win/version/?json=true&current=1.3.668y
Source: DeskTime.exe, 00000003.00000002.4508630704.0000000002BBD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://desktime.comD
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr	String found in binary or memory: https://drdump.com/Service/CrashReporterReportUploader.svcQCrashReporterDotNET.Properties.Resources
Source: DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://in.desktime.com
Source: DeskTimeSetup.exe	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr	String found in binary or memory: https://local.desktime.com
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4508630704.00000000029A9000.00000004.00000800.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr	String found in binary or memory: https://us.desktime.com
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr	String found in binary or memory: https://www.drdump.com/services
Source: is-PVMFV.tmp.2.dr	String found in binary or memory: https://www.drdump.com/services/IdolSoftware.DoctorDump.CrashReporterGate.CrashReporterReportUploade
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr	String found in binary or memory: https://www.drdump.com/servicesT
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr	String found in binary or memory: https://www.drdump.com/servicesTU
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr	String found in binary or memory: https://www.drdump.com/servicesX
Source: DeskTimeSetup.exe, is-PVMFV.tmp.2.dr, is-5PQBT.tmp.2.dr, is-NHIFB.tmp.2.dr, DeskTimeSetup.tmp.0.dr, is-PKMHG.tmp.2.dr, is-9GV88.tmp.2.dr, is-COTMF.tmp.2.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: DeskTimeSetup.exe, 00000000.00000003.2054777843.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, DeskTimeSetup.exe, 00000000.00000003.2052044765.00000000025C0000.00000004.00001000.00020000.00000000.sdmp, DeskTimeSetup.tmp, 00000002.00000000.2056745898.0000000000401000.00000020.00000001.01000000.00000004.sdmp, DeskTimeSetup.tmp.0.dr, is-COTMF.tmp.2.dr	String found in binary or memory: https://www.innosetup.com/
Source: DeskTimeSetup.exe, 00000000.00000003.2054777843.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, DeskTimeSetup.exe, 00000000.00000003.2052044765.00000000025C0000.00000004.00001000.00020000.00000000.sdmp, DeskTimeSetup.tmp, 00000002.00000000.2056745898.0000000000401000.00000020.00000001.01000000.00000004.sdmp, DeskTimeSetup.tmp.0.dr, is-COTMF.tmp.2.dr	String found in binary or memory: https://www.remobjects.com/ps
Source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2185025827.0000000000666000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr	String found in binary or memory: https://www.telerik.com/blogs/winforms-scaling-at-large-dpi-settings-is-it-even-possible

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 50210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 50187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50293 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 50209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 50336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50281 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50216
Source: unknown	Network traffic detected: HTTP traffic on port 50277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50337
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50336
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50218
Source: unknown	Network traffic detected: HTTP traffic on port 50254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50339
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50338
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50219
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50331
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50330
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50212
Source: unknown	Network traffic detected: HTTP traffic on port 50225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50333
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50332
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50214
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50335
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50213
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50334
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50328 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50349
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50340
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50221
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50342
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50220
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50341
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50223
Source: unknown	Network traffic detected: HTTP traffic on port 50339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50344
Source: unknown	Network traffic detected: HTTP traffic on port 50352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50222
Source: unknown	Network traffic detected: HTTP traffic on port 50243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50225
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50224
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50345
Source: unknown	Network traffic detected: HTTP traffic on port 50289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50237
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50239
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50230
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50351
Source: unknown	Network traffic detected: HTTP traffic on port 50317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50353
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50234
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50233
Source: unknown	Network traffic detected: HTTP traffic on port 50351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50354
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50357
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50235
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50356
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50249
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50241
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50245
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50247
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50246
Source: unknown	Network traffic detected: HTTP traffic on port 50266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50250
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50338 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50303
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50305
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50307
Source: unknown	Network traffic detected: HTTP traffic on port 50278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50309
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50300
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50301
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50316
Source: unknown	Network traffic detected: HTTP traffic on port 50256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50319
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50318
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50313
Source: unknown	Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50312
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50325
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50328
Source: unknown	Network traffic detected: HTTP traffic on port 50196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50327
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50208
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50329
Source: unknown	Network traffic detected: HTTP traffic on port 50245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50320
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50321
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50323
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50295
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50297
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50299
Source: unknown	Network traffic detected: HTTP traffic on port 50319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50182
Source: unknown	Network traffic detected: HTTP traffic on port 50286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50183
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50186
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50188
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50187
Source: unknown	Network traffic detected: HTTP traffic on port 50331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50189
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50190
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50193
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50195
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50194
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50197
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50196
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 50332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50198
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50354 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50139
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50138
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50259
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50252
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50254
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443

Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 68.183.17.53:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.59.93.85:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50058 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50067 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50068 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50071 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50077 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50076 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50082 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50094 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50104 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50105 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50108 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50110 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50112 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50120 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50122 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50127 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50130 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50131 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50132 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50133 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50135 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50136 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50138 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50140 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50144 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50145 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50146 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50147 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50148 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50150 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50156 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50157 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50164 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50184 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50189 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50196 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50197 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50200 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50201 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50204 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50210 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50211 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50212 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50215 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50219 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50220 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50222 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50223 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50224 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50225 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50227 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50228 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50235 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50236 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50238 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50241 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50242 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50243 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50244 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50246 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50247 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50250 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50251 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50252 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50255 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50257 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50258 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50259 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50262 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50263 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50265 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50266 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50268 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50270 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50271 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50273 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50280 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50281 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50282 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50284 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50285 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50288 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50290 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50291 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50298 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50303 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50311 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50321 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50323 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50326 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50329 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50331 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50334 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50335 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50336 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50337 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50339 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50341 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50342 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50346 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.9.120:443 -> 192.168.2.5:50352 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Installs a global keyboard hook

Installs a global mouse hook

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

Windows user hook set: 0 mouse low level C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

Jump to behavior

Abnormal high CPU Usage

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

Process Stats: CPU usage > 49%

PE file contains executable resources (Code or Archives)

Source: DeskTimeSetup.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-COTMF.tmp.2.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows

Sample file is different than original file name gathered from version info

Source: DeskTimeSetup.exe, 00000000.00000003.2201075773.0000000002328000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs DeskTimeSetup.exe
Source: DeskTimeSetup.exe, 00000000.00000000.2047822557.00000000004C6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs DeskTimeSetup.exe
Source: DeskTimeSetup.exe, 00000000.00000003.2054777843.000000007FE16000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs DeskTimeSetup.exe
Source: DeskTimeSetup.exe, 00000000.00000003.2052044765.00000000028AA000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs DeskTimeSetup.exe
Source: DeskTimeSetup.exe	Binary or memory string: OriginalFileName vs DeskTimeSetup.exe

Uses 32bit PE files

Source: DeskTimeSetup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: sus24.spyw.evad.winEXE@7/21@4/3

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Mutant created: \Sessions\1\BaseNamedObjects\{7096C69E-67B0-425E-8D11-485A7C74A337}

Source: C:\Users\user\Desktop\DeskTimeSetup.exe

File created: C:\Users\user\AppData\Local\Temp\is-T4572.tmp

Jump to behavior

Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\DeskTimeSetup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: DeskTimeSetup.exe

String found in binary or memory: /LOADINF="filename"

Source: C:\Users\user\Desktop\DeskTimeSetup.exe

File read: C:\Users\user\Desktop\DeskTimeSetup.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\DeskTimeSetup.exe "C:\Users\user\Desktop\DeskTimeSetup.exe"
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp "C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp" /SL5="$10462,1981594,885248,C:\Users\user\Desktop\DeskTimeSetup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process created: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe "C:\Users\user\AppData\Local\DeskTime\DeskTime.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe "C:\Users\user\AppData\Local\DeskTime\DeskTime.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe "C:\Users\user\AppData\Local\DeskTime\DeskTime.exe"
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp "C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp" /SL5="$10462,1981594,885248,C:\Users\user\Desktop\DeskTimeSetup.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process created: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe "C:\Users\user\AppData\Local\DeskTime\DeskTime.exe"	Jump to behavior

Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Section loaded: cryptbase.dll

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: DeskTime.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\DeskTime\DeskTime.exe
Source: Uninstall DeskTime.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\DeskTime\unins000.exe

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

Window found: window name: TMainForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DeskTime_is1

Jump to behavior

Source: DeskTimeSetup.exe

Static PE information: certificate valid

Source: DeskTimeSetup.exe

Static file information: File size 2842472 > 1048576

Source: DeskTimeSetup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: n0C:\Windows\DeskTime.pdb source: DeskTime.exe, 00000003.00000002.4518934346.0000000007E0B000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: DeskTime.exe, 00000003.00000002.4506275274.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\ArmandsDukurs\source\repos\windows-client\DeskTime\DeskTime\obj\Release\DeskTime.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4506275274.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr
Source:	Binary string: C:\Users\ArmandsDukurs\source\repos\windows-client\DeskTime\DeskTime\obj\Release\DeskTime.pdbdF"~F" pF"_CorExeMainmscoree.dll source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000002.4506275274.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, DeskTime.exe, 00000003.00000000.2184156135.0000000000442000.00000002.00000001.01000000.00000009.sdmp, is-NHIFB.tmp.2.dr
Source:	Binary string: f:\mydev\inno-download-plugin\unicode\idp.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.0000000007620000.00000004.00001000.00020000.00000000.sdmp, idp.dll.2.dr
Source:	Binary string: c:\projects\CrashReporter.NET\CrashReporter.NET\obj\Any CPU\Release-NET462\CrashReporter.NET.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, DeskTime.exe, 00000007.00000002.2285948262.0000000005872000.00000002.00000001.01000000.0000000D.sdmp, is-PVMFV.tmp.2.dr
Source:	Binary string: d:\Bjornar\SVN\istool\isxdl\trunk\source\Release\isxdl.pdb source: DeskTimeSetup.tmp, 00000002.00000003.2186269889.000000000765A000.00000004.00001000.00020000.00000000.sdmp, isxdl.dll.2.dr
Source:	Binary string: re.pdb source: DeskTime.exe, 00000003.00000002.4518934346.0000000007E0B000.00000004.00000010.00020000.00000000.sdmp

PE file contains sections with non-standard names

Source: DeskTimeSetup.exe	Static PE information: section name: .didata
Source: DeskTimeSetup.tmp.0.dr	Static PE information: section name: .didata
Source: is-COTMF.tmp.2.dr	Static PE information: section name: .didata

Source: is-9GV88.tmp.2.dr	Static PE information: section name: .text entropy: 6.8162174963582425
Source: is-PKMHG.tmp.2.dr	Static PE information: section name: .text entropy: 6.849037050450508

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\es\is-5PQBT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\idp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\DeskTimeSetup.exe	File created: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\lv\DeskTime.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\lv\is-9GV88.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\es\is-PKMHG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\es\CrashReporter.NET.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\is-PVMFV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\CrashReporter.NET.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\es\DeskTime.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\is-COTMF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\isxdl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Local\DeskTime\is-NHIFB.tmp	Jump to dropped file

Stores files to the Windows start menu directory

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskTime	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskTime\DeskTime.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskTime\Uninstall DeskTime.lnk	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DeskTime			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DeskTime			Jump to behavior

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior

Source: C:\Users\user\Desktop\DeskTimeSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to delay execution (extensive OutputDebugStringW loop)

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

Section loaded: OutputDebugStringW count: 1896

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 27A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 2950000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 4950000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 1830000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 3290000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 3040000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 1830000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 3400000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Memory allocated: 5400000 memory reserve \| memory write watch

Contains long sleeps (>= 3 min)

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 597843	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 597047	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Window / User API: threadDelayed 3487			Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Window / User API: threadDelayed 6299			Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\es\is-5PQBT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\idp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\lv\DeskTime.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\lv\is-9GV88.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\es\is-PKMHG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\es\CrashReporter.NET.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\is-PVMFV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\CrashReporter.NET.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\DeskTime\es\DeskTime.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\isxdl.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5560	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -26747778906878833s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -99874s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -99766s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -99657s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -99532s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -99395s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -99125s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -99016s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98905s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98828s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98718s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98594s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98467s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98359s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98250s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98140s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -98031s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -97921s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -97807s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -135000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44887s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44781s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44672s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44562s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44453s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44343s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44208s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44092s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -43968s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -43852s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44937s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44828s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44719s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44610s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44500s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44391s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44266s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44141s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -597843s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44890s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44547s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44437s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -44328s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 5516	Thread sleep time: -597047s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 7536	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe TID: 7900	Thread sleep time: -922337203685477s >= -30000s

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 99874	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 99766	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 99657	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 99532	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 99395	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 99125	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 99016	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98905	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98828	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98718	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98594	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98467	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98359	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98250	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98140	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 98031	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 97921	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 97807	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 45000	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44887	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44781	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44672	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44562	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44453	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44343	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44208	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44092	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 43968	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 43852	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44937	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44828	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44719	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44610	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44500	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44391	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44266	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44141	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 597843	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44890	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44547	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44437	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 44328	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 597047	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Thread delayed: delay time: 922337203685477

Source: DeskTimeSetup.tmp, 00000002.00000003.2194406213.00000000009FB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}S
Source: DeskTime.exe, 00000003.00000002.4516844027.0000000005FB7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp

Process information queried: ProcessInformation

Jump to behavior

Enables debug privileges

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

Memory allocated: page read and write | page guard

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Users\user\AppData\Local\DeskTime\CrashReporter.NET.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe VolumeInformation
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Users\user\AppData\Local\DeskTime\CrashReporter.NET.dll VolumeInformation
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe VolumeInformation
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Users\user\AppData\Local\DeskTime\CrashReporter.NET.dll VolumeInformation
Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation

Source: C:\Users\user\AppData\Local\DeskTime\DeskTime.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

ID:	1592086
Product:	CloudBasic
Start time:	18:27:01
Start date:	15.01.2025
Sample:	DeskTimeSetup.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	a1a315b9d8c9001f399cac6b91db3c10
SHA1:	5105cb81dc44f026fa06b9c4872f66d30eac3eb4
SHA256:	3f13cf8df8fccb04382a04448495e175db56129be546633ba1fc5d247a46fc0d
Filetype:	Win32 Executable (generic) a (10002005/4) 98.45%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\DeskTime\CrashReporter.NET.dll (copy)	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	E9E30786D4BD402CB516BF794A18E8E7	339338CD918DDE0E7D22F67AF08A132AAC61CB01	FF9A407514D44D4569EE91D0AA1865B9F70A95D99340B5F5710B0F4BC899B745
C:\Users\user\AppData\Local\DeskTime\DeskTime.exe (copy)	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	18791FC75A66A5C0E569A4462A06760E	F7D0670E1CFB21C21156206C7573BCE65CE83032	EAE4BDF67B5240D67E629EFFA6A99FA9F6B324AEC90C92007F967035D705A597
C:\Users\user\AppData\Local\DeskTime\es\CrashReporter.NET.resources.dll (copy)	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	6A64CC721EC4847E158823EA5C9188CE	3E8F67A1FBB3F1F561DFE833B7FBD8E368C7B1B8	CBB0596E080B6A6E189FA38BFD42D704EC5C0D95C39AECFC3D54814D4F44AE03
C:\Users\user\AppData\Local\DeskTime\es\DeskTime.resources.dll (copy)	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	5AD464DBF04B0196C4F36124407B14D9	4F6213B5BFA839920D459B74532EAC6F7ADCF3E8	CF2825C91A4107EC654CA0C415B97513AAB64F45D56D3612E56E33625E344689
C:\Users\user\AppData\Local\DeskTime\es\is-5PQBT.tmp	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	6A64CC721EC4847E158823EA5C9188CE	3E8F67A1FBB3F1F561DFE833B7FBD8E368C7B1B8	CBB0596E080B6A6E189FA38BFD42D704EC5C0D95C39AECFC3D54814D4F44AE03
C:\Users\user\AppData\Local\DeskTime\es\is-PKMHG.tmp	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	5AD464DBF04B0196C4F36124407B14D9	4F6213B5BFA839920D459B74532EAC6F7ADCF3E8	CF2825C91A4107EC654CA0C415B97513AAB64F45D56D3612E56E33625E344689
C:\Users\user\AppData\Local\DeskTime\is-COTMF.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	686A3CF53334A600A650DB427B7E5B05	FB7BD96330EBF7D2B82FC26006ACBA93EA5CAE4B	B163A88548D7BDFA8B4A9C9CF72F85042DDF0C4AEF0324F1443579F7DB961EBA
C:\Users\user\AppData\Local\DeskTime\is-NHIFB.tmp	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	18791FC75A66A5C0E569A4462A06760E	F7D0670E1CFB21C21156206C7573BCE65CE83032	EAE4BDF67B5240D67E629EFFA6A99FA9F6B324AEC90C92007F967035D705A597
C:\Users\user\AppData\Local\DeskTime\is-PVMFV.tmp	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	E9E30786D4BD402CB516BF794A18E8E7	339338CD918DDE0E7D22F67AF08A132AAC61CB01	FF9A407514D44D4569EE91D0AA1865B9F70A95D99340B5F5710B0F4BC899B745
C:\Users\user\AppData\Local\DeskTime\lv\DeskTime.resources.dll (copy)	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	308E664DB03906DB5101DEB0C714B4FE	AD8330B0AC3C8B8AEC6C57BE1C04D3505F70DD0B	3F5AFF6BEEC6757B8FAC2511F012733B4FECC49DCD7B0C7B4B7504E02E9A8E69
C:\Users\user\AppData\Local\DeskTime\lv\is-9GV88.tmp	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	308E664DB03906DB5101DEB0C714B4FE	AD8330B0AC3C8B8AEC6C57BE1C04D3505F70DD0B	3F5AFF6BEEC6757B8FAC2511F012733B4FECC49DCD7B0C7B4B7504E02E9A8E69
C:\Users\user\AppData\Local\DeskTime\unins000.dat	InnoSetup Log DeskTime, version 0x418, 53694 bytes, 609290\37\user\37, C:\Users\user\AppData\Local\DeskTime\376	EBE9D84D4EE351D65758A6B6A690B986	3F6E788BF0377F6DEBED27B09CB3C56703E69756	29BA141F0D24FA6824482C303D12DD4AAA76E34E817074F883C03E5E614BD987
C:\Users\user\AppData\Local\DeskTime\unins000.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	686A3CF53334A600A650DB427B7E5B05	FB7BD96330EBF7D2B82FC26006ACBA93EA5CAE4B	B163A88548D7BDFA8B4A9C9CF72F85042DDF0C4AEF0324F1443579F7DB961EBA
C:\Users\user\AppData\Local\DeskTime\unins000.msg	InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation	313D0CC5D1A64D2565E35937991775A6	B8ACB11878C485865C9E4679248E53B83A8F3AD4	5ED0233C0922E9F20307315E24B4F33C3D56AB9F42B2F75AE91E7A27FD313B66
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DeskTime.exe.log	ASCII text, with CRLF line terminators	D7F072ADBEC87922043DB912EA133625	C8D588E0DA0AD7D1246E4EAD3AC648B5F7C498B2	C430D099EEB7634D0329CE930BC1B1D879ED63FCFC47B801F28A42D9DFF86871
C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\_isetup\_setup64.tmp	PE32+ executable (console) x86-64, for MS Windows	E4211D6D009757C078A9FAC7FF4F03D4	019CD56BA687D39D12D4B13991C9A42EA6BA03DA	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\idp.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	55C310C0319260D798757557AB3BF636	0892EB7ED31D8BB20A56C6835990749011A2D8DE	54E7E0AD32A22B775131A6288F083ED3286A9A436941377FC20F85DD9AD983ED
C:\Users\user\AppData\Local\Temp\is-1DNPB.tmp\isxdl.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	48AD1A1C893CE7BF456277A0A085ED01	803997EF17EEDF50969115C529A2BF8DE585DC91	B0CC4697B2FD1B4163FDDCA2050FC62A9E7D221864F1BD11E739144C90B685B3
C:\Users\user\AppData\Local\Temp\is-T4572.tmp\DeskTimeSetup.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	686A3CF53334A600A650DB427B7E5B05	FB7BD96330EBF7D2B82FC26006ACBA93EA5CAE4B	B163A88548D7BDFA8B4A9C9CF72F85042DDF0C4AEF0324F1443579F7DB961EBA
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskTime\DeskTime.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Jan 15 16:28:03 2025, mtime=Wed Jan 15 16:28:04 2025, atime=Thu Dec 19 14:59:10 2024, length=2364664, window=hide	9DA88CDCEAE6210077BD4E1858E2C2AB	2D9AA43B05D024170E34ED612CF080386C0F8E9D	6C63F31C063E091D94AE4FF4EC5564C86768F275398B5C1233C369109520D014
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskTime\Uninstall DeskTime.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Jan 15 16:28:03 2025, mtime=Wed Jan 15 16:28:03 2025, atime=Wed Jan 15 16:27:53 2025, length=3231992, window=hide	804EEA1E4AC0628DE34321F3F5CC691A	1B0A8D27E6B38456CA3A8F517A884E0BF2E4FDFE	77D79B809EA62509E83AC37C67E8D70645BA08FB7136B22ECB7D123D4C4D78FD

Windows Analysis Report
DeskTimeSetup.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report DeskTimeSetup.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
DeskTimeSetup.exe