» icreinstall_freesoundrecorder.exe
Overview
Analysis
File Details
Downloads (24)
Network (3)

icreinstall_freesoundrecorder.exe

Nopumalifo

Huaxinwantong Beijing Technology Ltd

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_freesoundrecorder.exe, “Nopumalifo Setup ” by Huaxinwantong Beijing Technology has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.taggiftflash.com and multiple other hosts. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.

File name:

Publisher:

Purek (signed by Huaxinwantong Beijing Technology Ltd)

Product:

Nopumalifo

Description:

Nopumalifo Setup

Version:

1.4.2.6

MD5:

f95f5bf8d8ad9f3e6f07f3199eb470a9

SHA-1:

7e49c5ba36827f3925a3f26128bbe5dcc5feb7c4

SHA-256:

d4a44f3d46fb8ba066cb7f1514537b6d8d8e00ee171e732d8a9e31802cb4de65

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/6/2024 6:24:25 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.instalCore.Huaxinwa.Bundler.Meta (M)

16.6.30.12

File size:

906.5 KB (928,248 bytes)

Product version:

2.0.9

Fast Software

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\icreinstall_freesoundrecorder.exe

Digital Signature

Signed by:

Huaxinwantong Beijing Technology Ltd

Authority:

COMODO CA Limited

Valid from:

3/24/2016 7:00:00 AM

Valid to:

3/25/2017 6:59:59 AM

Subject:

CN=Huaxinwantong Beijing Technology Ltd, O=Huaxinwantong Beijing Technology Ltd, STREET="Dong Balizhuang 54, Building 2", L=BeiJing, S=BeiJing, PostalCode=100025, C=CN

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00C31292C6449E082B3FBF99E310243E2E

File PE Metadata

Compilation timestamp:

6/20/1992 5:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:eti0NiGXIAR5v3nWi+dZKEUQq3p9UdRC+8Y4:eEcbXV/t+dZKEVq5b+81

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file icreinstall_freesoundrecorder.exe has been seen being distributed by the following 24 URLs.

http://www.taggiftflash.com/GQlvYi2HhYzRBhtTRJS487KzT TTrssnGtx H6MIlRo87v0cPBy M3E52ATQ37fd0mPK57AiaSQNi9I78seOekXxpTTK7SCphQJCmnmUIE5Qp3m mQLSB7ZgOJMl4Dnm5KD5xcj3X2aAlTWQEvMRlBX9Vh_Dwg5Wij0NLNVWGQa1lxKE23tOy_gwWHcF36wjTPulprTYttoRUi42 xkCwgtsu9drLw==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==

http://www.factorycapitalstock.com/63tpklB5OluF8JzahBbvhgXsJN2SydzRBVhaV1GRngocyoBgsqJm V5ZDSJZVwTDILG7IjmKyJiq8AATo8Hhj9alv7ixddRGJgp2d m hq9BdDg5cyCNyZtvxiDWu EoD PAQQPRpKR4Jq73nU38dnmU6rb7wecK8iz9ZMqST5VWa5C_GA8 IC7n4bxuN3By3GRmY7k Vw ph3UMnK1yJRw6MMvAlqWMj_wUB wK8ZGCgTQahG0IRrq JZ4HDkKpHHJag6DUxG2oFg2E26sM0SBsiyDkeJ2vVYFEA_RKMYX3Xs_TZDR7FyFkYmphMBJxN7LtTyBQitxvM4hque8opbjQYe5cXRNSgwDMo7nbz Y150dSts_D7Yx1B8zhw6N5o1B5j7lgRIOAA9Gieb8BgosaQ4J2hX D4yYkIixzKjVrRPoXgLSlp2_WbQft_wP h1ExH3nyebX_pm9Jtkj1H0Q3Trzbsg==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==-e

http://www.taggiftflash.com/ktPdO5dyE2ENRINgLY 6hIJdTPNsrXmB8E wwu5Vw5Qln6DNvviFBgeZr1psQ2NVJp4 psioz_uGD0EY8GD_uHZSEnSjH_rUg94ud2ZHwLChNHIsRovqZTsV_dwVt3mjp6U5MSompot2QPjbuNQS 9m4HXcWqNZbYymQ06ZzsEjIf3JyINhxyDwbN1zMfP7aO0AoUVzizMLA4dAJ85gR0j81kSPXA==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==

http://www.taggiftflash.com/RtflhW3LhreT9wIDjazcFdWssuU_wzTmOGYCTDYUNwf5QR9vzbV8P3 1n942vCo_1jauuG33bJ2l3mH kYZa4UCScuceVBjX9WBkZ7F3C8gSjKIE3kWiin9YzwWxexeaLRxDqwR wdtQiDgvfu6SRNHhZ5PJJ2UcrU7i2OKlHblduYp8gLUDsV37dSl9tVRmidBWDfjn84QneOrzW0d6VTqhQT0vVtHv7R54CsiwjpU9daun3bbDbWe9wxhRtgRQfphMrTDFLl__1aky4dUjZn4zihbOpPxhq1JTQabHmDaOPvzhdf1tdNlivXLJpDfQs0JviR0e0rGwccYLDB6q4mahaS1rdMe9ri2H1cVqHsjiHkhUbh3WC6Mitw56IWKgCmc2wQ7EA2xrTkRI_TROe6WZPENUr3nEZaB5XS_VJxTZYpceIB9Y0n FRzufrGScMGKi5g1ooZcVNymFwQzF RfydKMZw==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==-e

http://www.giftbundlesfactory.com/XVEnpCOFHWAqeKRR48erkUx53tP7xnmU1k1GCDVi_NuPVUpElsSIdpAfJKDmfpK fnHKIhNvgrGt4Yfe_ 5e8Qj8A 5k uIy3792Li9yZgggvcP1eBvKIXSSDxgA9SydrCzs_xZOVDhlMKL_D4x6AZwdFipmbiaRVVM_rKokhqlBeW6p4zAq0e7MQKhKr4RKXykeeZueT8Fc8G0KuBCX8VDuxg92ew==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==

http://www.funtourbundle.com/6TMuB6ghK CBbsd5Ec e45hdpKZLzrzHTfV3KU8HgSsNDDnFlrKiGWpCvVc0KzcuVssb8XM_MEDxQRKavO8DkI53l_FqlyDsKjoEByo5sb8pDJ7Dr_UPtzBOHuS0f6b0RhOuNdyQL HEE342l6IUIPWN0WMsU6Y5yTpToNfkxFjUPU3Zq_GBpa5W3UiFZ9hSfaKpfXFSLI4Twc7nebAGlpynApGi3Xj7Uvu8VeO X8lESlH0Zl5pfjiOO4cj_y_VU5QEpsiDShpd4uTxuciigb8iv7J TjFYu2cghmeG1hceUbJncoeL5_hW9Gr5egMS5skqJu1DYni1xXXk_z8FaxlDjKpg3u_JKv0rF3STHw8yu4LqARUd CLcNocGOqmvR2GvQ21hRiSLq0 qLbJ_2HQPNHMK7hcGiruztRsgt eRTAK1f9UlN1I9cagCKghmzLM8r6H4C8 0Kstk15gxRQAoGIy fQ==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==-e

http://www.taggiftflash.com/MCM9iuJboRsImCG2K9u4ioxwOd7pPhPZJiiRkhqyy qzfXX9vOgs3_FXFluSvn4_kzq76vP5rkV42YmGdPnsW2tSNU4G pIvIit0Narzy74jAHQ0sPaqcyHn2282f6jhxRNgY1 p3YD845cbgKkSXFsu1CL91RoEa9UF8cqq6ywbhta1fJhjGDQIn2CdUmMhiIt8q0FxPzY9BM8nouR0YO_BwTx g Z2Sp73Ni T52T9OTq0d fbATBkDlwqGQEFmjpT6IUOV3mpjdP3cl6CTNXH8rqrwFjyoTLdhrqdEFDsNIA3Qj1y_YjGaxkDkjALBk1o 6ozTvUbowiA0irwzSm5w3I9hvIoA8vxT9ddq7Q2oy6YANPOupR0jjbra2HKgPIIcvngRF5eKpZKIqM62AkSlJZp2p4xaoweH8KVFYaWIoZjtf6lc7kT1LOFUjgjkL08hogOKf76F3E8kc9I1rGKj3Zwow==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==-e

http://www.funtourbundle.com/wzYRGSDSmG3DH_ECFW5JpMi_arKqrGyeXIirSmdkxjUjKWU1reSFptVelqYLQehYBTmunQsie5VICtpxYH5 aso5xMwCjkYy qHkeAEkx_sSKb xoaLCQ1IJ7ueKKTHDqj6dt5Ef TGcAHpJDYEvQztT c1oeGNeXvsQl5AC0KcHsTMEez24qwBkLLFd esFTYMVYw5oAo1iaQC1li0Ogq gbq4yCunxIXbBbKU_m7jBEl7cD0HCF6p3KxQjs2cq9zlHOi39pVgFBHqz QdwV7VBmADeYJ4J7T7PriP_OtfN4caDCA10ERhypkGU5ess8JKmZOue7QzvZBC0dwfqvfG6JcDXm RCzHHLwrv8l4j U8c3cmP_As3SGBo4lUBqZeFPfqPwIp9X2IylRu8QuY3_mnFKxiRB9I3d0plWvHPL1Dh ypdZuUUg2nKlvSqqZy_OUdlwP_P2FWd9RIhrtS7bzbBI0g==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==-e

http://www.taggiftflash.com/uCSdnsq_ZgwbYZgblYn3dHJj8ntOMZB_Ioj_79ordZiD3Z6ewis_KOYnn4To6X2ZaYru9zO Wsna0CyJ0ksG2WmJ0GBnptFtRi9t42JNnxuAApKAzscJTIVwdyYqIUC euuxALxPsCy8n9XqULim2nc7209DZm1ExgN7zdjfujnjaGDX3g9yryufpxduy80EgL20H042XQtJWW_isc4r EVpI5r8vqjJ2mgtt 8kWQPb3cULc9uMIPrkRuS2tT_X3HzhznA1_VyA90yzOP2rfEAc_W2wwesoLTwFaYSwbNHR3fzidHTHTjtKjDEnknDQGotUgHLQqS4U2vS6H9nHC8RYlmHJpvHFWhcZIDJMFPNdaqZZo0dufIdR8pcf0sywtfrsZjLLdYk7DIkVvCAs6Vy4ioTBuZMA4MMzsPD2QCRF7MQvLYfveu9 YzfidccLqevDxkEkq9i3wqiIT4RF7BhKJOBq0w==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==-e

http://www.funtourbundle.com/OG4iwdeDUoeVbqpt1cY1uWhKKuxytq R0aJpOLpqcKk9acOQT84f14YNuICuDa9IuQF_t4RrkGz0Db_zPI_uo1fzllxolHFmMT aBz9wRsNN47i43aY2VrwYMnNOJJuICHf2HHDx4J5KOlTg1IzBz0EqisLHtSOJvFvOFvQMU9dhrwSjuszoPU3DlRoEn8YUGRZOqz 6AR1isItgPLlcf0j7vtSvQ==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==

http://www.funtourbundle.com/jpuw5Wq4xprQVTKmHOzjAtur1M G8pv8WyM2v3XQqmCvUea6opmC Rgfb9z6mpC3ir5qr8DYFV fdoljqAI3JyG4wpjp2Oahh1mFd7cAortKS Ff OvG06XIZbuGKn02YPo8Pf0wyuar_GRRbqjkP2siMi1fjELGM vxuZZ0eja8iW5mtn6XbOhX sN2l2XlSvJP6GnRTYGtMmzZOlzb__ M58GphA==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==

http://www.taggiftflash.com/cxbIKWA3qJZBpWbVS_rQ_sSBnC1VqYotA 6uoU 4pHEcyVSdsmcuB 8UXCaRfy1fUhwlFu8FJdpVtUVm8c5dDe91aHwRfG6Ij4JG7uqi79mRHfwFIjnjynMJgObOJnBrGhHU8J_hEyjm7t9hfhkNKtfelnw9PkKGAiylJkwEOM3UZyYDRy7zD6QmbdsP3 RxytpkxDa2gyIc OnMK8Wc3jvcJGhoVw==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==

http://www.factorycapitalstock.com/tsJ_ n6SQaroDWlFThAsCC7RD2Che0XIkJ9M Ao3PgrAvG4pQkiJNGn053VXYvLTU0WnM6_bWmGMMmt31BwY24OOS38kwla2m Cgo4BHoKyalkmlT qzm7_4nmk4ulyj1qwb5jwOD1Rlp8IW_3VWV2Z6uy3UUOHtE uiiuekAFDuHinqa7UGTrGNUppyriOSMTQen4sRqimbkUMKhif6aje4NKHscQ==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==

http://www.taggiftflash.com/lnIodFzYoIZYR3fvP2g XrqU coLgj5mX51OcAnmvQ9KmXM 7YSFX7BqHxd4tTCdnpCapiihn7fG51tRh2r6DQVmcnhAmVdahrZakBgXvO7C1ijFxWz2NYY37qLt Ymk_Yr1YTYdWH3faCsxLt8HcE g3pYSjYOvKjvwxKXVsf7s_KAwIBXpSmWC4KiHibmuDHrRwwVXPCrS74AjU6FbJfex4nV_EiRtr6uhyeWAOHR_trJA2ZHSB4 L8j7HorkjmHemIRHx8m0WTxVN_AFe1A8dhUKSANtIu M9yjb3i6MFX4 ti3AZTuJrjuttYyYNtGhLZ5dRcPiqmECkiCuFdRN6ocLEEPWTbMwNC4TzQuasTmMJ 9XQ8w_s8U6XpQeMhTh4E36cyM7 QzlvkHZYgVS1S3TLzzv8D7ku15NbJ ETlvzXiJjoomwjW3jBzYuqMas12IW9ZgR DaM8ddtiBQ6HLl5rQ==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==-e

http://www.funtourbundle.com/hZRb2HylJbO0scyBaOGdqPEOQMAwDLXlty2aBNYcRPxDnxGA90MJTWl VTqaQ1sjWyPqqKa3UiPrRmlCtXAMVHjjMedJFJyNoLDYI3j t305e7ZfSvkURF9vT9n1pvScd kqWAvo4SXIY8epy60O4nuwLEXUynurzXm 1DElUyPuQGjAegbqOJL0I9YNYAKIvnOjHuTEIokCdEhLrcZ6nw8QtRKfI GM 47ljAbFYBoXt4r4R_cPk84_xRA0ywGS7zMQeurw9QzgVg6VzIbpUIj97eeSzfohA1QcPC77IJ5SZNgSh2J1ZmeYoy5XJ9IwTWDbsCev_3r538cr8CmVP81R0y355iBjXWCGabWxQxgwHBgJAi8lAMbkWVvoRox105L JH 1j9DF3zMTn8ZqF9mz6acaqZM5B7Rn2IIWQmZLt yMjt W4V2GAmU8rFOz2CPHB6Lq7vpV6SwZXqsIDIGyRlfnQ==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==-e

http://www.funtourbundle.com/bjyBrmt 8RoHG5gm 66TecmUyzo r7q2_ uQRdqPdxs_aBqcGCumaW60hUxyFqtjxbIbFdXc_gcvjgCWHK1L8zxa8GDTc5p6yq7hs7DR_ebEY46LenouNFXzFFWaskfmivq4rwodFlHLNWdS9oCEvL9Y9mjqYfqhbZhMRaOQhT65tMSwWqAtgNGOVWc02zQzbIRX2hIcvkdK7k_4F4rNyRX84Ed1_g==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==

http://www.giftbundlesfactory.com/gy1qWRLz7bkb1tog8vfFCY0gdbdHpngHZPDQMcIj_4qQNvV4_YFb9xtsMi_d0NRaoO1q6cT2LyRMhmZGqayA8 BGh4ZhwKvscnn9L2VJn6gcO6FO8nM39JFXMo7LIBR2Z13cnbaVlQZ pC8tJZitA9SB6QzcehDR89qzNp2bfY VAi PiEmbjfiQOWynTKLZX_w5Yyyx9e1A8WppxdOqT_iGXJKa0Q==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==

http://www.funtourbundle.com/u4pj_RW6rb5ZtJsTedvl7V4Z Mq7dkGk1i D5DwHtXh6XkG RhxLXEVy hvGu tTPpk1wGCuGXHSOjR9UVbWjU_omLT by_EdyU48E9b_JxLXDC29RxUJYyrEU7zx0y5QtghLTMlGRgtYftFYZwMgN_hY7NZHsI7wG_J6vKWYEENuxocH0dFBsRoIRYmERQLJShu1E9H5J kdKXoWDEg8ZiCuweX_5q1OYogpBnScPEAgt9J4ZoQjhtM_9cAZs9PiFLgtQtehthKUKuy_oO69B5j1V_mcdIsWcRBnLppP8eNMYrf vqtk5ab0y0sSPD9KiOqA 9uI_1ib4WfM_XzKV96Q2Qqbzbc_rxu12pkSU 2WYrKR wHKZdbrVznkmRbENWsmHQdhfeo2Lhrmo1rCuqQCgi1KhBrUfC7hTgxMNi4a3Ti1iiHSvaWl1MhS5siRMIkKKoM2VJw1kGbHxiPKo2mxcGkw==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==-e

http://www.factorycapitalstock.com/rLMZqQamw dBK9wcxWlT_y_b_KP33px7mEGZnJEt7z230QGS1xdRDJxI0vxuU5VzU_4CBuRoUXyti2FPJrLLTAr0Gr4i1z53xeP 7IMekbz4jx2 hPA5KZOCxcvoexVmG8Vfb O4zwqEVT89pjEjCbCrzC2xFIYUGZ3C 2Yt2EYnTJs7BeoQAP9uyUGeIwQpV5dBlj4wsTgzcldaZSMyaVlYL5YKIN0OPQtlMomHVeNLuMBw1HPuP_TPHhOKVF5QclYPtUu16Io5gXFWiyehj1a1iQmbC_ZDFWSafXC3n2kn93GbO3OvOlpzn EVc_Bv0H1YxqsvUhZSPvU bapAu_mvqCVpwNs0p1eE6mI5UyF OWFrcfzOVeVgPvCVoZOZzdL_xEc8ug1JiVHWdFyjnSuDwj26akRMaKpCaLKzD5IUpPC0y8DNN_0ltLSTTtCtrTGSbmTJVGgvY8u830ygsoaodXdS1Q==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==-e

http://www.funtourbundle.com/5jFyqndrBJtft v4s9qM6nMfk4sDrFxN7gSgY5lfh21rzZniqnXi_lwvdHLpgxYb vMW20_rAoKduskg1rvAVXHwGYDo168EY3g6lvbds0v Dyq4G1nVm4WIjWmDYmQBywwbZxAqTVbLanfVaEZD_DFIIIVdx NQ62C_WLmLUVtkZvG7NKs2sJiyzH6CYy7NogQKMafbyuGdX hwh0T9ba_Di2RGNUIAfUuwRv 41fHIIrE8S0Sv5dFSkxjU3Tf1J5W0j QYWYjVV09nL5C ahk4IwEpmRnmJjjnKqNk7dbm gWizCFi18YrAHesLwHp8ExuJVTwSedNXETm5HIXKGZO5_g4_nhHQQGJjvJmn_UnKXtyafumd8bb1epLmolH0b0NAxyo4ccgv3sjq0 qXBhaqwVqwTD 95cTbGUjTtXG0quuC6cY6ZAIHDYh1dJIPtwNsP3FKbYLNg82SX21aFKoT4lWjA==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==-e

http://www.funtourbundle.com/Svmph0h5k7rfA_SWJTFgWRN 5Zf0KshluD3eMtzRh8oOTgtS7k5vVwwN7HR0PyuBA751HQ50Bxaxn5dcDCVvyyg6su 5wL8Or9xp BvGfqoasiTefcmjOsEKSwVkpoKNKIO1vAlZdTUTF3RES1ElaJQLmj824NHYq5J Zg35QaS4HhJOCIvwtNy3nKnRoTQTcl28jSLTgpZqyb9r_6DC2W0gixcO0w==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==

http://www.funtourbundle.com/2IeLOxjrROzT_BFln 3kcZGwjxdOggGch0ScUJhESI7sUoepNgiYba3RmMxOwiN9BGt3iGm6LqFFRLPBTXwhkVStU8ZumBxI1gz5CyTINHWlzRru6YPRU6j_nFSJ 1XrJ0uTn2mMhh558R7XD5icEdThbDcaoBKwCureW4Ua UlKzB57Ny6P961wqQFtaBPS7t0CtxQ1eVr2EQSybP80A64nbGk36A==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==

http://www.funtourbundle.com/xAdL1z0ZpO99DWuWy97iVGqA4zAHrLaWZFBCgEbj6nYSzAD3TNaDUA NnWq S45kcBtelCe6apwmy sZMOJM_RSN0mlFekCuGXZvxmTXMqLcfUE5HFF0_0i1AzmfWAIP9a7QJzCftCAO4IHR_z8Pf05BCk 4wKR0G3ckINgcDEyT iMpypKZstbl ObDOe9F3WHquTZhhz_uz7v_plzTeBk1f450aQ==-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==

http://www.taggiftflash.com/KbaKQrhHOKE_oARBRaV3oDO0z1sPRhDwIv6BsIxpSQzJ8zWv aDbB5QCZOc7ObAMpUhrzp_1YuLKTdi_qnjRXRqO4 fk pxdvuzvQJkGUTyAiaOzPRHlREat8yVkhJktGCBF0kezyV6Y_v45HpAUTnMDPT4lbg5Hk3_l_PmfagQVu0n0BPnyG6AWd5ejZlNVSdeADLE3btlL3a98AXexACM27kwya97GVjHK MDeUK1UTKPd EP9TQhTigrove5yIWd0_vZV1x0RtEJwI8RutMpoCDe1HicwYpNOJK1q91y2Ap1RcA84uOt3T8nuBxnEEiDvQo7D6eGwe2iGYrxyye4Y25WQgs Z3CJH0xb2Zw7ynehnVcSdmjtJ_rgFYGoHJhjG2nugv9uRDCq2sHfWJ86_uYkD72knLmBny4bZG42eIvxlZwEqiNn3dRjaPUBdSc8Ce5DL-G1cAAATibLFRmk1lXbALit kd8IhUKByQQY4sMBj HxLUPLGLL9i_3Y6E3HZttxxmyp8 VE7SA6x5Sl8AA==-e

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to os.solvefile.com (207.189.109.121:80)

TCP (HTTP):

Connects to cdnus.solvefile.com (207.189.109.121:80)

TCP (HTTP):

Connects to cdneu.webfilescdn.com (65.254.40.36:80)

Remove icreinstall_freesoundrecorder.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.